flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect
Monthly Archives: October 2016
CVE-2016-1000003
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code
CVE-2016-1000007
Pagure 2.2.1 XSS in raw file endpoint
VMware Releases Security Updates
Original release date: October 07, 2016
VMware has released security updates to address a vulnerability in Horizon View. Exploitation of this vulnerability could allow a remote attacker to obtain sensitive information.
Users and administrators are encouraged to review VMware Security Advisory VMSA-2016-0015 and apply the necessary updates.
Waves Audio Service Privilege Escalation
Waves Audio Service suffers from an unquoted service path privilege escalation vulnerability.
BlueStacks 2.5.55 Privilege Escalation
BlueStacks version 2.5.55 suffers from an unquoted service path privilege escalation vulnerability.
Simple PHP Blog 0.8.4 Cross Site Request Forgery
Simple PHP Blog version 0.8.4 suffers from a cross site request forgery vulnerability.
Exagate WEBPack Management System SQL Injection / Information Disclosure
Exagate WEBPack Management System suffers from remote SQL injection and information disclosure vulnerabilities.
Ubuntu Security Notice USN-3091-1
Ubuntu Security Notice 3091-1 – A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
VMware Security Advisory 2016-0015
VMware Security Advisory 2016-0015 – VMware Horizon View contains a vulnerability that may allow for a directory traversal on the Horizon View Connection Server. Exploitation of this issue may lead to a partial information disclosure.