CGA-MHJ6-6MJC-5R44

Bulletin has no description...

DEBIAN-CVE-2016-6127

Cross-site scripting XSS vulnerability in Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified conten...

Mozilla: CORS preflight is bypassed when non-standard Content-Type headers are received (MFSA 2015-127)

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack...

Mozilla: CORS preflight is bypassed when non-standard Content-Type headers are received (MFSA 2015-127)

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack...

CVE-2015-0862

Multiple cross-site scripting XSS vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via 1 message details when a message is unqueued, such as headers or arguments; 2 policy names, which a...

Code injection

Opera before 11.60 allows remote attackers to cause a denial of service CPU and memory consumption via unspecified content on a web page, as demonstrated by a page under the cisco.com home page...