654 matches found
CVE-2016-8227
CVE-2016-8227 affects Lenovo Transition, a program used on Lenovo Yoga, Flex and Miix systems running Windows. The vulnerability enables local privilege escalation, allowing a user with local access to execute code with elevated (administrative/system) privileges. The issue is documented across m...
CVE-2016-8227
Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges...
Lenovo Transition Local Elevation of Privilege Vulnerability
Lenovo Transition is a program from the Chinese company Lenovo that is used to set whether or not video pictures, etc. are automatically full screen in different modes. A local elevation of privilege vulnerability exists in Lenovo Transition. An attacker could use this vulnerability to execute...
openSUSE Security Update : pacemaker (openSUSE-2016-1447)
This update for pacemaker fixes the following issues : - remote: Allow cluster and remote LRM API versions to diverge bsc1009076 - libcrmcommon: fix CVE-2016-7035 improper IPC guarding bsc1007433 - sysconfig: minor tweaks typo, wording - spec: more robust check for systemd being in use - spec:...
SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
The remote service uses a known CA certificate in the SSL certificate chain that has been signed using a cryptographically weak hashing algorithm e.g., MD2, MD4, MD5, or SHA1. These signature algorithms are known to be vulnerable to collision attacks CVE-2004-2761, for example. An attacker can...
Sleipnir for Mac vulnerable to URL spoofing
Overview Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Some UPM or WEM Agent parameters may not be applied by the agent after switching from GPO settings to Workspace Environment Management settings.
Symptom 1: WEM Policy/Settings are not applying, and the old Citrix Profile Management items are applying instead Symptom 2: WEM Policies are not applying to the WEM Agents...
UBUNTU-CVE-2016-5187
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox URL bar via crafted HTML pages...
Debian Security Advisory DSA 3688-1 (nss - security update)
Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of da...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
UBUNTU-CVE-2016-5174
browser/ui/cocoa/browserwindowcontrollerprivate.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service unsuppressed popup via a crafted web site...
chromium-browser: popup not correctly suppressed
browser/ui/cocoa/browserwindowcontrollerprivate.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service unsuppressed popup via a crafted web site...
[SECURITY] Fedora 23 Update: kf5-kdelibs4support-5.24.0-1.fc23
This framework provides code and utilities to ease the transition from kdel ibs 4 to KDE Frameworks 5. This includes CMake macros and C++ classes whose functionality has been replaced by code in CMake, Qt and other frameworks...
When JIRA project has a security scheme, the option "None" is not displayed in Crucible
h3. Summary Whenever a JIRA project has a Security Scheme defined, and a workflow transition has at least one required field, a window is opened in JIRA side so that the required field/s are selected. Among the fields displayed in this window there will be the "Security Level", in which the...
DLA-521-1 firefox-esr - security update
Bulletin has no description...
Debian Security Advisory DSA 3600-1 (firefox-esr - security update)
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. Wait, Firefox? No more references to Iceweasel? That OpenVAS Vulnerability Test $Id...
Leaked DNS Query Detection - ISATAP Request (IPv6)
Binary data 7203.pasl...
JVN#26026353: WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting
The WordPress plugin "Markdown on Save Improved" contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer. While the...
[SECURITY] default-java switch to OpenJDK 7 and java-common update
Package : java-common Version : 0.47+deb7u1 In preparation for the upcoming default-java switch to OpenJDK 7 on 26 June 2016, the java-common package was updated to inform users about the intended change. The news will be automatically shown, if apt-listchanges has been installed on the system...
Drop support Windows Quicktime plugin from Confluence multimedia plugin
The US Govt is recommending users should uninstall Quicktime for Windows http://krebsonsecurity.com/2016/04/us-cert-to-windows-users-dump-apple-quicktime/ In order to assist users transition we need to drop support for Quicktime plugin from Multimedia plugins and use the "video" tag instead...