OracleVM 3.2 : sos (OVMSA-2016-0078)

The remote OracleVM system is missing necessary patches to address critical security updates : - add patch to remove all sysrq echo commands from sysreport.legacy John Sobecki orabug 11061754 - comment out rh-upload-core and README.rh-upload-core in specfile - Strip passwords from grub.conf and...

DEBIAN-CVE-2013-2201

Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 uploads of media files, 2 editing of media files, 3 installation of plugins, 4 updates to plugins, 5 installation of themes, or 6 updat...

JON: Incorrect delete permissions check

Red Hat JBoss Operations Network JON before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail...