DELTA 451877 0 30123 SVNfJ@v}-LXx^An E)1qRY* -4L0|4MWdzLh6 ٰD*˧R֨+x V-*{jQ֑#o 1 tvdrvPwYǛȻЏwwC2h#@ԑ(p>MYJt4Ŧ#8iz&ւ`UZP7kqJiM&\G%K0Q2!KxsSD-|Nʾ`$q#5B~ K~y@g_$wx^Rn0<_aqw@!\**q*ڻ։]AЯC }R}z<5x ʴ5:A+@Z@y4$-iY:M._RI!!DT8DjvG< Hك;^ tʝ8K), (w:>B{%\TlRp.d r\ 3jU^M`::y2ր"cg9dxyL4`9:wLjv8$4_ԡѱHr}Y!Uqv1 t qӵS)z{< (Ԭ=? ~{ ;m8W)?* g&/%cs Jv~Rj&q3x^Qn 2ClxivZp[;dw==ȊkeF\Z$wrO4:ϣhlm9]Chcyv 4>mm4mRixR2&!0!щP8U~ pwT8^ջeAة< 1SD3Y Qu+V]^ĝ0 T\*/={DqB^CaO|t(Rl1&%oAk]h6bTv{ަS|Ic* ӟ`߱E ` W$Wx^An0E=dlC('Խ 0 -/i(x5~F6@j(z{E)O O;6)$m+QMκQDD Ugrٻ:߇DcL6{WOPyƥS.1r3`tk`|k 'q"(o>픡B5xr9G5)Onc/r3tTV?*FS=*ۘ&GmX<)p>E9|A3rPUʭT1SDA (p.7[.(7#+خY; 9jl FӴ-%2L[Cl_FNU==l e!$> 4%i$WNg78tI~[/){g the register source.

A malicious guest can modify arbitrary memory, allowing for arbitrary code execution (and therefore privilege escalation affecting the whole host), a crash of the host (leading to a DoS), or information leaks. The vulnerability is sometimes exploitable by unprivileged guest user processescvename>CVE-2016-938355555120d-ba4d-11e6-ae1b-002590263bf5"> xen-kernel -- guest 32-bit ELF symbol table load leaking host datage>4.7P&}Dt>4$kx^n0E#M%r'M_;@*Kfc^b[%WQq4JlL^֨Yţ ɈKۇ^SrTPJTY߇>Z4fi:.&$łL1fq׃g]I]yBe Q;p)r~0; |Eu3vK>*{s \._AcUjkfNe7߻"paq>23B OMK& C rVhBGg-LY. :5i, ʢ#X$k D"!M;uR|rPxt@ x^}Pn0<[_1dRq(mA/A+TU }WN,Ѳ y:A~c_|- ^(\  !2xn0 I(e zKU4 ZL{0̒>b^9wwz !.DJsF-f4"1A68kGbֹ*UHuUI.=oz_V[H2;Y8lx8եf[ï|67{qԪ}yw0x[{!N0!<'0_dNF>U!3zq[J}CBg TEy >jVwWoZG %dj^gkJ@v?D$>x^]k0_qngjh`B.XEcQE$٥~VvV7z8y#ʪl1z:>FE<})2rJB clyƖqTA *o.4%-BA8HU͂ F,iMGh42jrEpfiҬY^+)fy/F|W(vjvCmUQeԖBF^@v$*jRM z AIWM0!]0~EYWEY7Ӗy_^aȓ~!G% /z1zr( D*A NQ\92+dV7C_9L*qDNS^E+q;W_2Ua)+WReR2Sjm!7M6WnvҊ~>|B#m>laT"!Fx@$dx^OO@)FRC -j""ȡzLYnQ}69DT_v={&9ԓ0RuzRz4kJI~1+ 0<) i|1i=c| 縃%a 1\y'U#}9eQl|ϭ_W[i|>3KSsU5ArbΡhhȰı+X:AhmDsi/61\jB /CORbec4({ nf9/ D}ӧo92ۆ=ؓ h%=]c l ?1XXOerU #)F ^|:{rBl~SOجA!=,~3N;Jw-Nx^P[n0.@ob1KJ 2) T)R[[1;3^ 1-wG,MXT;}V4Ȟqd($\LI*L*;&7|G(fi"X$(gf,@FB'^uOd UU? M0t{S:RIi 5nK2(6 ]Z'̤",rnаTm%/X\G&Vk wkyG A^=$~x^RN@>RE(z^ukͬy:K|Yi1!\Md&zdz9W'%ߟ.rB=z,cGYmf |waxcKnD!zG(RKLX瀘RzǜZGā +-}v|6?vv</r"ˀ*<)Z,_=B~zSW~jp:618-20150602-core-remote-code-execution.html">

[20150602] - Core - CSRF Protection

Lack of CSRF checks potentially enabled uploading malicious code. 397618-20150602-core-remote-code-executiondeaba148-7ac5-11e5-b35a-002590263bf5"> Joomla! -- Core - Open Redirect v0.03.4.2ѠuOwvbO;e$Hx^őN0 gЄ4Jhp&qwS&]nY'tYCWˋO=\mSJXp4P9Z.~PȮS=և)vRHfר}pRHyE)$NSضW@9To3~ g9syGCuB|ZcσZ_^4C{ta_%#DCdzlԘG `,әYb|OEDGaݣ2$0އ zK5PWnwΘkwmjox ZK&1b k@tQ{rMfc0ئa(V <9?>wo 5jw_j KP@kJ|v@Q$Lx^Rn 1؉/QսC  j}mbU[YZ^0qcl83BaqyOK=T^{oTT dݙ:P PrH+2EZh XվULAΣfdby8i>!M08BhsEf('Ct My\S 1$8m%mYBg-ol#0ox't9W>OXD#h?u߆˥ibo~#+ W":/nX[arsH:9#k:v|} XN=D?kp'}\x^ERn0 =/_Au;MbذCZQ$Md_?*N3(=Q*nyHJ&1DW]o6jv>_?$6=AjGNfO2ބ8EĉH9DҐ<00ł!Ds`2t; C̦i e4Xy TTaa5M i+z2ퟁX0"ef28N2$ˮ2@r"%)CZԳx31ݦR5O1qS+d&ʧu.٬RV^TNΧ!6TEj&|i`];a`盚[.upYTeVVAgͅ+`T*|3M `K㖜>`:LyMJ\$^$)Gx#nH~WpOWjޔIDtRViC1%N$F{B?knw#$Las patched with a mitigation in 4.3.25_2. CVE-2014-6277 CVE-2014-627827 2014-10-01

With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. This vulnerability can be triggered $ut@yN$x^RMo0=bsݨH=3㡶)&Jz(%{oa3/mv:+smsܖݏH~kd6/kvucX#'vj+WW;j>RdcSqTk-צ ~S~SBtJLL:EOC_Pb˗H 7(=k3b8 D< ,  ,p&iOh0Tc;14mq,i:6-G^K+y,%F~M.yWF`@ R"P!-_ZqvO,"N 2013-11-15 2013-11-25

The patch for CVE-2013-4363 was insufficiently verified so the combined regular expression for verifying gem version remains vulnerable following CVE-2013-4363. 2013-06-14 2013-06-18 owncloud -- Multiple security vulnerabilities owncloud 5.0.7

The ownCloud development team reports:

ɨ6)AWؠn0F=0ϺwDZ)]ǿOW!84IJ;ԡ 䮱ܖ%O߼Xa (BSzYn?g) azO#^v+bxlbq;Kަ4/g>hUx01?A@m#8ILa#տ"!\@s2;C?\v@$39 http://tomcat.apache.org/security.html http://tomcat.apache.org/security-5ca26574-2a2c-11e2-99c7-00a0d181e71d"> tomcattomcat 6.0.06.0.36 7.0.07.0.28The Apache Software Foundation reports:

The checks that limited the permigk{?v$ax^uOo0 zji7C?@v4hȒ&uO?:Nn|ӣX4~p5zKAUج@O>{S8i*pN[ +,ώlTh{V2Lz5x!0,twމZ.}bk1Tw(2u~,?r}݇\9_Mx{+|ch+'Agg'㠿w4{`PRcq_4 PE?&;2{fiꂠ!X8w43^:%g{cs6c>S Wk;CX:L}J\=#A7bUk^DUNKRwL%_\j`ө>Р-}dXYW=#KwvZ[)1@ӌGQơo4Ap1vl:541vN9Odȉ^;RәI#>l=I{JzI{I{I{I{I{I{Mv@WMj2012/mfsa2012-25227282930313233.html 2012-04-24 2012-04-24 Dokuwiki -- cross site scripting vulnerability dokuwiki 20120125_1!ENrv?N>J$Jx^R=o0_q)ZҴ@ХȓD&NKZNPx(‰|xxhdEvP  4hێ^J 5ǐxiN9%mÐkJч[qd#aZTժEhv6uɄ=vUUUӾo<|ƙ˻h#6W,rj1J)*qwZ[wͺZ8Dg?ܫ)xFoϞzEC6[nrTQ;Q&1F#4/1>,ʼSxb!.g; gMxۈ / C)e5L i 4!) n(K hfm^ةp"Lc]vBC|jGÈL燣;hoĂ9R}v/j=DmCDMGD@D@D@D@D@D@D@D@D@d@kusing WebGL textures

MFSA 2011-26 Multiple WebGL crashes

MFSA 2011-27 XSS encoding hazard with inline SVG

MFSA 2011-28 Non-whitelisted site can trigger xpinstallurl>http://www.mozilla.org/security/announce/2011/mfsa2011-19.html1`@v$x^RMo0 =7)I׏/λq%"KDgݿ'vA)=>~44.MDe=+6몧\uw[=v`q$~1vPU c:AXӭk(#FJ;?js=&(ImΞ&$٬Q|vH8Qcv>q"Èy|V*%:^aP}w򛢮}caL8 : :!'J3$a#;C/u9ItH!EFb=94OgF?c,:-"LD}IlSn/Z2XrL"!Ja9SO, IX2.I!]p$p8cDQt/;0%pU>jf_߁ 9;N?6U;DV6V6s1>x^MRMk0<'bQl&4i! mI赬-"k]Ivp}W5*)@3X;rv&HR\Bs}Xn,`"X#0HGxl7)mhtEh0pvWl)jMqU9 z+ nZ{46^:l^IC4:Okl{tV[fUioaǖ|Rۧ1&)HcOӯo?ޗucpU98xfh&9ngeכe@^2 le?kyˬXZdSӊm۶n/myУ!#ΙNo]SUMi-_Rnz*BE]+,EUmwۍj+;WN.'(h'C.q)i`Yuq,dbPuvqb2-y^t6eU s6%ERHA?&Ȁ/.C?D>C?C?C?Gc1-$)x^n d8 zD}m7&݃d71 rV]4+g,><18]alm}Lm+"ok9x 3k`5LӋdo:ۛ|o=:Óy-H:B;,TUp6q8 jUoIGs8(tU˹\6+&hS%Mhը1YQ,\NiY J3.|:Πb[@l$x^j@V 1PZ\r?ZWbOYŁ@)nj~stf tӠ>mň 8x?3œ% ikl G }d zF F&# /@3YT#~1t2!N8X$-s+0 JNXSǀD#VdT&;ٲT% (cBZ6 rO@bbZ?<t1"Q,.c+ܫ<z߭Y0#(658ڕ˷%n8 =6̽ϕg x/Q8p͙`0)?»W_阡oE _ȁm'`puA@~v~OUx^MRn0<'_,׎0>Ksh)rD\w%Nxcfvw%9:w cHj}0oJ x/tZf4J\YY[k`2͟B.CLa@XR{hKaሩLu%G2@F:|13 6 s@J"C; D^G7p=!xQM r=2H7L`}`"xsw=ѩuthprt`MLHuZ.80Xϡ/~wڝe/#X4Cv}\x "}Aϔiw IM}^ܕI8PKq݅8Za>rW~šB",dU1;MDj_hI¼Jvq B-1X䥬s%Z~&{uK;kOz)D=E}$Sx^Qn0<_ȡD3v]YB$>h{,(q-,VҖ[PB.wfvv/ܒV/(Z!8 .T1 1x@Sߑ ( `g3i2GoWY9kȁ?>uB.'P*@i=H[LN*v@PȬm9(JS)`*mYk[~YP}Z,y*IS*/6Zr=pS6V#tvR';It;M}wOPve!6mv}g(EF=ѩ+i6tъp7L>(=:% {p˝;<.;L`>bX Η9Gd9)jtrZ,|(thDzZN5

# echo "debug.mpsafenet=0" << /boot/loader.conf SA-05:13.ipfw05-07-06 bzip2 -- denial of service and permission race vulnerabilities bzip2 1.0.3_1J0_?J@ R.fM8]3v=y$Hd: Disable Javascript983.html https://bugzilla.mozilla.org/show_bug.cgi?id=288688 2005-04-011f2fdcff-ae60-11d9-a788-0001020eed82"> firefox -- arbitrary code execution in sidebar panel3339.html">

Sites can use the _search target to o Y\$\x^SKs0>ïɅNLɄ0.лg-cY+~=RdG=lvmG?9|$Z1ұ=%ֻݾ1S,N{!=}^ޛ]ӸLP wkzTW7M!m.@T~;[$4Y줒 RFQtgG}y-PCG@FL &TRH qD vy?$=i9S"9},1;EH裵)O/E5G YgY֣= ?iu cM:TWYTF{~;#aSSؐT ./l{Q)],yTiJ+H┢92OKJ2j, oYمAyubܽFoEt^ZT 5r_z)f\W뻏jsWmnW -n l[:L-~GS$#ea<<U6,xuG@$gx^ERM = 2@f?+*U怓%IvK2;O89S$kG{;S* A$0FJqÀjt SoѕlBq=ǁ#lkj)Y5>˲z--MЉWBxCȀb.6 X  Eg 1A4 o[rc +Eq&|ly6BɂTUy&F>f'x^RMO0 =_a%mP4!8 >Sm0~=ry%.*]OHtN%ޞ$#tC.k0%mWZy{Q (8(łۼl'z}_}*EcNhlE]mw!SmZ3 {,W =byzNJ'9D}nؒ<ڄEZ,bwfOSN!Y`)AIׂsoSAǕg1#s,JIVkEEJIX)˴7YWw@8oUy@Zqjp_w~sDCNT8:vD$Dx^eRn0<_9zډ`-z) m \YD)QதKZv}(/$3ZAz2 :$'3Zw#$ђ+yn%rF ڐF褱Q$켦TdC^"!) :qpO#1y@ }CIφI?"Sj %no_Hm2lP0.U|4N={rgE7#֤_ s^E ҵ\-&j;ݫ7`vIϪ">^IQCR?!swJչ|*7׎N./=C<e>'мnB^dӠAO?1֋ӿnEx^#,WEO䬍jfB؄__ AHbo⿟UvRCHw=?rubx^Rn0 =7_AdJvf`Xw(v讫,ю0G$ى~rlvH>T'd]a%,77#]zA/^B),XdA6%#jz87Ml u2BHm67CZ2#8!Ճv+N;HᾍKiJ2K?^gT}4h|;xz4TL LPwVƠqyѣU*Net]Jj8|!1Fn]5my}t:ecC# I3۟IH$ }#1o)I|59 :.ۯikT7˹ǂmyisΖ<ȪJ*r3oe}~  gXvኝ31ô* i!-Ctx^y?],Ϙ-