iPhones Vulnerable to Attack Even When Turned Off

Attackers can target iPhones even when they are turned off due to how Apple implements standalone wireless features Bluetooth, Near Field Communication NFC and Ultra-wideband UWB technologies in the device, researchers have found. These features—which have access to the iPhone’s Secure Element SE...

Cisco Webex Teams Web Interface Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an account that contains...

GLSA-201611-09 : Xen: Multiple vulnerabilities (Bunker Buster)

The remote host is affected by the vulnerability described in GLSA-201611-09 Xen: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A malicious guest administrator could escalate their privileges...

CVE-2015-3983

The pcs daemon pcsd in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to differen...