1698 matches found
XSS in pull request inbox
A potential XSS issue was identified in the pull request inbox, and has been fixed in Bitbucket Server 4.12.1...
UBUNTU-CVE-2016-2123
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...
openSUSE Security Update : python-Jinja2 (openSUSE-2016-1159)
This update for python-Jinja2 fixes the following issues : Update to version 2.8 : - Added target parameter to urlize function. - Added support for followsymlinks to the file system loader. - The truncate filter now counts the length. - Added equalto filter that helps with select filters. - Chang...
[SECURITY] Fedora 24 Update: pagure-2.3.4-1.fc24
Pagure is a light-weight git-centered forge based on pygit2. Currently, Pagure offers a web-interface for git repositories, a ticket system and possibilities to create new projects, fork existing ones and create/merge pull-requests across or within projects...
[SECURITY] Fedora 24 Update: pagure-2.2.2-1.fc24
Pagure is a light-weight git-centered forge based on pygit2. Currently, Pagure offers a web-interface for git repositories, a ticket system and possibilities to create new projects, fork existing ones and create/merge pull-requests across or within projects...
Kallithea Elevation of Privilege Vulnerability
Kallithea, a project under the US-based Software Freedom Conservancy organization, is a free source code management system. The system supports Mercurial and Git version control systems, hosting code, managing access control, and more. Kallithea suffers from an elevation of privilege vulnerabilit...
CVE-2016-3630
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...
DEBIAN-CVE-2016-3630
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...
PYSEC-2016-29
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...
UBUNTU-CVE-2016-3630
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...
Tractor Pull - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Tractor Pull published at the 'play' market has multiple vulnerabilities...
PULL&BEAR - Customized SSL, Redefined SSL Common Names verifier, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application PULL&BEAR published at the 'play' market has multiple vulnerabilities...
Pull Ups Workout - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Pull Ups Workout published at the 'play' market has multiple vulnerabilities...
Runtastic Pull-ups Workout - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Runtastic Pull-ups Workout published at the 'play' market has multiple vulnerabilities...
Internet Bug Bounty: Integer overflow in wordwrap
https://github.com/php/php-src/pull/1738#issuecomment-174260748...
Authentication Bypass
Overview: Versions of hapi-auth-jwt2 prior to version 5.1.2 are affected by a complete authentication bypass vulnerability when in the try authentication mode. Recommendation: Update to version 5.1.2 or later. References: Issue 111, PR 112, GitHub Advisory...
The vulnerability of the HP Access Control system allows a perpetrator to gain access to protected information.
The vulnerability of the Secure Pull Print and Security Pull Print components of the HP Access Control printing management system is related to code errors. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to protected information...
Mike Mimoso and Chris Brook Discuss How a Campaign Using the Angler Exploit Kit Was Disrupted and More of the Week's News
Mike Mimoso and Chris Brook discuss the week in news–including how researchers disrupted a $30M campaign using the Angler Exploit Kit, how another researcher was forced to pull a talk from a conference, and how a practical SHA-1 collision could be months away, not years. Download:...