Red Hat Security Advisory 2016-2116-01 – OpenStack’s File Share Service provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service. Security Fix: A cross-site scripting flaw was discovered in openstack-manila-ui’s Metadata field contained in its “Create Share” form. A user could inject malicious HTML/JavaScript code that would then be reflected in the “Shares” overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges.
Monthly Archives: October 2016
Red Hat Security Advisory 2016-2115-01
Red Hat Security Advisory 2016-2115-01 – OpenStack’s File Share Service provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service. Security Fix: A cross-site scripting flaw was discovered in openstack-manila-ui’s Metadata field contained in its “Create Share” form. A user could inject malicious HTML/JavaScript code that would then be reflected in the “Shares” overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges.
Red Hat Security Advisory 2016-2117-01
Red Hat Security Advisory 2016-2117-01 – OpenStack’s File Share Service provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service. Security Fix: A cross-site scripting flaw was discovered in openstack-manila-ui’s Metadata field contained in its “Create Share” form. A user could inject malicious HTML/JavaScript code that would then be reflected in the “Shares” overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges.
Boonex Dolphin 7.3 Authentication Bypass
Boonex Dolphin versions 7.3 and below suffer from an authentication bypass vulnerability.
Adobe Releases Security Update
Original release date: October 26, 2016
Adobe has released a security update to address a vulnerability in Flash Player. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review Adobe Security Bulletin APSB16-36 and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.
XNU task_t Privilege Escalation
task_t should be considered harmful and can lead to many XNU elevations of privilege.
CVE-2016-8501
Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.
CVE-2016-8502
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
CVE-2016-8503
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
CVE-2016-8504
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.