Fedora 21 : php-udan11-sql-parser-3.0.4-1.fc21 / phpMyAdmin-4.5.1-1.fc21 (2015-5c06260c4b)

phpMyAdmin 4.5.1.0 2015-10-23 =============================== - Invalid argument supplied for foreach - arraykeyexists expects parameter 2 to be array - Notice Undefined index: dropdatabase - Server variable edition in ANSIQUOTES sqlmode: losing current value - Propose table structure broken -...

Fedora 23 : pacemaker-1.1.13-3.fc23 (2015-f9864ecd8f)

Security fix for CVE-2015-1867: issue allegedly present in pacemaker-1.1.12, fixed in pacemaker-1.1.13. pacemaker-1.1.13-3.fc21,22,23 - Update to Pacemaker-1.1.13 post-release + patches sync - Add nagios-plugins-metadata subpackage enabling support of selected Nagios plugins as resources recogniz...

Fedora 22 : pacemaker-1.1.13-3.fc22 (2015-f6860d8f9d)

Security fix for CVE-2015-1867: issue allegedly present in pacemaker-1.1.12, fixed in pacemaker-1.1.13. pacemaker-1.1.13-3.fc21,22,23 - Update to Pacemaker-1.1.13 post-release + patches sync - Add nagios-plugins-metadata subpackage enabling support of selected Nagios plugins as resources recogniz...

Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2016-01144)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 44.0.2, which stems from a failure of the program to properly restrict interactions between Service Workers and plugins. The...

Apache Solr webapp/web/js/scripts/plugins.js cross-site scripting vulnerability

Apache olr is an enterprise-ready, Lucene-based search server. A cross-site scripting vulnerability exists in webapp/web/js/scripts/plugins.js in the stats page of the Admin UI in Apache Solr versions prior to 5.3.1. A remote attacker can inject arbitrary web script or HTML via the entry paramete...

Firefox < 44.0.2 Service Workers Security Bypass

The version of Mozilla Firefox installed on the remote Windows host is prior to 44.0.2. It is, therefore, affected by a security bypass vulnerability due to improper restriction of interaction between service workers and plugins. An unauthenticated, remote attacker can exploit this, via a crafted...

FreeBSD : firefox -- Same-origin-policy violation using Service Workers with plugins (172b22cb-d3f6-11e5-ac9e-485d605f4717)

The Mozilla Foundation reports : MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a servi...

Cross site scripting

Cross-site scripting XSS vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI...

CVE-2015-8797

Cross-site scripting XSS vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI...

Mozilla Firefox Security Bypass Vulnerability (Feb 2016) - Mac OS X

Mozilla Firefox is prone to same-origin policy bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Mozilla Firefox Security Bypass Vulnerability (Feb 2016) - Windows

Mozilla Firefox is prone to same-origin policy bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2016-1949

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...

DEBIAN-CVE-2016-1949

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...

CVE-2016-1949

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...

Design/Logic Flaw

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...

firefox: same-origin policy bypass

Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests...

Same-origin-policy violation using Service Workers with plugins — Mozilla

Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests...

CloudBees Jenkins CI and LTS Request Forgery Vulnerability

CloudBees Jenkins CI is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . LTS is a long-term support for CloudBees Jenkins CI version . A reque...

CloudBees Jenkins CI and LTS Plugins Manager Arbitrary Code Execution Vulnerability

CloudBees Jenkins CI is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . LTS is a long-term support for CloudBees Jenkins CI version . CloudBe...

CloudBees Jenkins CI and LTS Plugins Manager Security Bypass Vulnerability

CloudBees Jenkins CI is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . LTS is a long-term support for CloudBees Jenkins CI version . A...