7972 matches found
Debian Security Advisory DSA 3731-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5181 A cross-site scripting issue was discovered. CVE-2016-5182 Giwan Go discovered a heap overflow issue. CVE-2016-5183 A use-after-free issue was discovered in the pdfium library. CVE-2016-5184 Another...
CVE-2016-6708
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or...
Acunetix v11 - Web Application Security Testing Tool
London, UK – November 2016 – Acunetix, the pioneer in automated web application security software, has announced the release of version 11. New integrated vulnerability management features extend the enterprise’s ability to comprehensively manage, prioritise and control vulnerability threats –...
Samsung Note Device Integer Overflow Vulnerability
The SamsungNote is a smartphone released by the South Korean company Samsung. KK is a reactivation locking module that runs on... An integer overflow vulnerability exists in SystemUI in KK version 4.4 and L5.0 and 5.1 on SamsungNote devices. An attacker can exploit this vulnerability to cause a...
KLA11272 Multiple vulnerabilities in Mozilla Firefox
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information and spoof user interface. Below is a complete list of vulnerabilities: 1. A heap buffer overflow...
UBUNTU-CVE-2016-9119
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
KLA10900 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft Browser c...
CVE-2016-6451
Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066...
CVE-2016-7160
A vulnerability on Samsung Mobile M6.0 devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248...
CVE-2016-5920
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
IBM TRIRIGA Application Platform Cross-Site Scripting Vulnerability
The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...
openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:2597-1)
The remote host is missing an update for the...
IBM Multi-Enterprise Integration Gateway and B2B Advanced Communications Cross-Site Scripting Vulnerability
IBM Multi-Enterprise Integration Gateway (MEIG) and IBM B2B Advanced Communications are both products of IBM Corporation, U.S.A. IBM MEIG is a cross-enterprise integration communications gateway product. IBM B2...
IBM Business Process Manager Advanced Cross-Site Scripting Vulnerability
IBM Business Process Manager Advanced is a unified platform for analyzing and improving business operations. A cross-site scripting vulnerability exists in IBM BPM Advanced versions 8.5.6.0 through 8.5.7.0. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into...
CVE-2016-5974
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string...
CVE-2016-5944
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string...
CVE-2016-3006
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003...
CVE-2016-3001
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3003 and CVE-2016-3006...
IBM Security Privileged Identity Manager Virtual Appliance Cross-Site Scripting Vulnerability
IBM Security Privileged Identity Manager is an identity management product within the IBM Identity Governance and Management solution that protects, automates, and audits the use of privileged identities to help defend against insider threats and improve security. IBM Security Privileged Identity...
Cisco Prime Home XML External Entity Injection Vulnerability
Cisco Prime Home is a standards-based remote management and configuration solution. An XML external entity injection vulnerability exists in the web-based user interface of Cisco Prime Home version 5.2.0. A remote attacker could exploit this vulnerability by sending a specially crafted XML file t...