Lucene search

271 matches found

FreeBSD
added 2016/03/01 12:0 a.m. · 27 views

django -- multiple vulnerabilities

Tim Graham reports: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth; User enumeration through timing difference on password hasher work factor upgrade...

1.3 AI score
Exploits 0 · References 1
CNVD
added 2015/08/28 12:0 a.m. · 1 views

Libunwind One Error Vulnerability

libunwind is a library that provides basic stack unwinding functionality for programs based on 64-bit CPUs and operating systems. It includes APIs for exporting stack traces, APIs for programmatically unwinding the stack, and APIs to support C++ exception handling mechanisms. An off-by-one error...

3.3 CVSS · 6.9 AI score · 0.00498 EPSS
Exploits 1 · References 1
RedHat Linux
added 2015/08/06 2:42 a.m. · 4 views

kernel: ping sockets: use-after-free leading to local privilege escalation

It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On...

4.9 CVSS · 6.6 AI score · 0.02472 EPSS
Exploits 6 · References 4
myhack58
added 2015/02/14 12:0 a.m. · 32 views

eYou mail system: stored XSS in the message body (uses HTML5 features and requires a click)

Because eYou version numbers differ, the effect of the following test code varies slightly, but the cause of the vulnerability is the same. Test code: !-- if trueimg onerror=alert1 src=--form action=javascript:alert2input type=submitinput autofocus onfocus=alert3select autofocus...

2.3 AI score
Exploits 0
Fedora
added 2014/08/28 3:33 p.m. · 27 views

[SECURITY] Fedora 20 Update: subversion-1.8.10-1.fc20

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

4 CVSS · 2.5 AI score · 0.05581 EPSS
Exploits 0
Debian CVE
added 2014/08/18 10:0 a.m. · 32 views

CVE-2014-5204

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...

6.8 CVSS · 5.9 AI score · 0.0185 EPSS
Exploits 0
Fedora
added 2014/03/15 3:19 p.m. · 32 views

[SECURITY] Fedora 19 Update: subversion-1.7.16-1.fc19

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

4.3 CVSS · 2.5 AI score · 0.11052 EPSS
Exploits 0
Fedora
added 2014/03/15 3:17 p.m. · 45 views

[SECURITY] Fedora 20 Update: subversion-1.8.8-1.fc20

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

4.3 CVSS · 2.5 AI score · 0.11052 EPSS
Exploits 0
Positive Technologies
added 2013/07/01 12:0 a.m. · 3 views

PT-2013-3530 · Xen +1

Name of the Vulnerable Software and Affected Versions: Xen versions 4.0.x through 4.2.x. Description: The issue allows one domain to determine portions of the state of floating point instructions of other domains, potentially leading to the disclosure of sensitive information such as cryptographic...

4.3 CVSS · 4.3 AI score · 0.00496 EPSS
Exploits 0 · References 11
Oracle linux
added 2013/02/27 12:0 a.m. · 39 views

ipa security, bug fix and enhancement update

3.0.0-25.el6 - Filter generated winbind dependencies so the right version of samba can be installed. 905594 3.0.0-24.el6 - Add certmonger condrestart to server post scriptlet 903758 - Make certmonger a pre Requires 903758 - Add selinux-policy to Requirespre to avoid post scriptlet AVCs 903758 - S...

7.9 CVSS · 9.1 AI score · 0.01838 EPSS
Exploits 0
Veeam
added 2012/10/01 12:0 a.m. · 28 views

Time difference between Veeam Monitor server and ESX host is too large.

Challenge: When attempting to add a vCenter Server or a standalone host with a different time zone, the operation may fail with the error: Failed to connect to "". Time difference between Veeam Monitor server and ESX host is too large. Make sure that NTP is enabled on ESX host and try again. Cause...

7 AI score
Exploits 0 · Affected Software 1
Google Chrome Security Advisories
added 2012/08/08 12:0 a.m. · 24 views

Stable Channel Update

The Stable channel has been updated to 21.0.1180.75 for Mac, Linux, Windows and Chrome Frame. This build fixes: Flash videos no longer remaining in fullscreen when clicking a secondary monitor while the video is playing Issue: 140366. Flash video full screen displays on wrong monitor Issue: 13752...

7.5 CVSS · 6.2 AI score · 0.01116 EPSS
Exploits 0 · Affected Software 1
Tenable Nessus
added 2011/08/04 12:0 a.m. · 21 views

SuSE 10 Security Update : coreutils (ZYPP Patch Number 7655)

This update of coreutils fixes the following security issue : - 697897: coreutils: when running 'su -c' to execute commands as different user the target user could inject command back into the calling users terminal via the TIOCSTI ioctl. This update also fixes the following non-security issues :...

5.6 AI score
Exploits 0
RedHat Linux
added 2011/06/21 10:30 p.m. · 4 views

Mozilla Cookie isolation error (MFSA 2011-24)

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...

5 CVSS · 7.4 AI score · 0.01777 EPSS
Exploits 1 · References 4
OpenVAS
added 2011/06/01 12:0 a.m. · 16 views

Nmap NSE net: http-date

Gets the date from HTTP-like services. Also prints how much the date differs from local time. Local time is the time the HTTP request was sent, so the difference includes at least the duration of one RTT. SYNTAX: http.pipeline: If set, it represents the number of HTTP requests that'll be pipeline...

0.1 AI score
Exploits 0
Atlassian
added 2010/10/26 2:11 a.m. · 18 views

Intermittent Session Lost During Add/Edit Page in Firefox

We customized Seraph to integrate with our SSO Server. Seraph will perform session validation through cookies. When using firefox, we found that in 1 out of 5 to 8 times when we edit a page or add a new page, we will lose our session and be directed back to the login page. This does not happen in...

0.5 AI score
Exploits 0 · Affected Software 1
VulnCheck KEV
added 2010/05/01 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2008-1490

Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo aka Pizco and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Action property, a different CLSID than...

9.3 CVSS · 6.3 AI score · 0.0397 EPSS
Exploits 0 · References 1
RedHat Linux
added 2009/12/08 7:9 p.m. · 0 views

OpenJDK JRE AWT setDiffICM stack overflow (6872357)

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit AWT in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote...

9.3 CVSS · 6.4 AI score · 0.65461 EPSS
Exploits 9 · References 4
Fedora
added 2009/10/14 1:41 a.m. · 27 views

[SECURITY] Fedora 11 Update: deltarpm-3.4-18.fc11

A deltarpm contains the difference between an old and a new version of a rpm, which makes it possible to recreate the new rpm from the deltarpm and the old one. You don't have to have a copy of the old rpm, deltarpms can also work with installed rpms...

5 CVSS · 3.2 AI score · 0.03999 EPSS
Exploits 0
Fedora
added 2009/10/09 3:44 a.m. · 30 views

[SECURITY] Fedora 10 Update: deltarpm-3.4-11.fc10.1

A deltarpm contains the difference between an old and a new version of a rpm, which makes it possible to recreate the new rpm from the deltarpm and the old one. You don't have to have a copy of the old rpm, deltarpms can also work with installed rpms...

5 CVSS · 3.2 AI score · 0.03999 EPSS
Exploits 0