Schneider Electric VAMPSET Local Memory Corruption Vulnerability
Vuln: Apple iOS/Mac CVE-2017-2391 Information Disclosure Vulnerability
Vuln: Microsoft Internet Information Services CVE-2017-7269 Buffer Overflow Vulnerability
GLSA 201703-05: GNU Libtasn1: Denial of Service
GLSA 201703-07: Xen: Privilege Escalation
GLSA 201703-06: Deluge: Remote execution of arbitrary code
GLSA 201703-04: cURL: Certificate validation error
CVE-2017-1143
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM Reference #: 1998874.
CVE-2016-9737
IBM TRIRIGA 3.3, 3.4, and 3.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200.
CVE-2017-1142
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874.