In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.
Category Archives: Security
CVE-2017-0888
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the “files” app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.
python-django-1.6.11.6-1.el7
Update to the latest Django 1.6.11.6 security release
xen-4.7.2-5.fc25
Qemu: 9pfs: host memory leakage via v9fs_create [CVE-2017-7377] (#1437873)
x86: broken check in memory_exchange() permits PV guest breakout [XSA-212, CVE-2017-7228] (#1438804)
Thousands Of Uber and Lyft Drivers Fail Background Checks
Smart Garage Door Retaliates Against User Who Complained
Company Offers Body Cameras To Every Cop In The U.S.
CVE-2016-3015
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.
CVE-2017-1180
The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084.
CVE-2016-3031
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.