Gwyn's Imagemap Selector Security Vulnerabilities

ubuntucve

CVE-2016-1728

The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site. Notes Author|...

4.3CVSS

1AI Score

0.005EPSS

2016-02-01 12:00 AM
6
fireeye

Hot or Not? The Benefits and Risks of iOS Remote Hot Patching

Introduction Apple has made a significant effort to build and maintain a healthy and clean app ecosystem. The essential contributing component to this status quo is the App Store, which is protected by a thorough vetting process that scrutinizes all submitted applications. While the process is...

-0.3AI Score

2016-01-27 08:00 AM
19
apple

About the security content of iOS 9.2.1

About the security content of iOS 9.2.1 This document describes the security content of iOS 9.2.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn....

8.8CVSS

0.4AI Score

0.023EPSS

2016-01-19 12:00 AM
9
apple

About the security content of Safari 9.0.3

About the security content of Safari 9.0.3 This document describes the security content of Safari 9.0.3. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To....

8.8CVSS

-0.2AI Score

0.008EPSS

2016-01-19 12:00 AM
13
packetstorm

0.1AI Score

2015-12-22 12:00 AM
65
vulnerlab

7.1AI Score

2015-12-18 12:00 AM
43
vulnerlab

0.3AI Score

2015-12-18 12:00 AM
34
nessus

Debian DSA-3402-1 : symfony - security update

Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2015-8124 The RedTeam Pentesting GmbH team discovered a session fixation vulnerability...

0.3AI Score

0.015EPSS

2015-11-25 12:00 AM
7
debian

[SECURITY] [DSA 3402-1] symfony security update

Debian Security Advisory DSA-3402-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2015 https://www.debian.org/security/faq Package : symfony CVE ID : CVE-2015-8124 CVE-2015-8125...

6.6AI Score

0.015EPSS

2015-11-24 06:22 PM
12
debian

[SECURITY] [DSA 3402-1] symfony security update

Debian Security Advisory DSA-3402-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2015 https://www.debian.org/security/faq Package : symfony CVE ID : CVE-2015-8124 CVE-2015-8125...

2.3AI Score

0.015EPSS

2015-11-24 06:22 PM
13
openvas

Debian Security Advisory DSA 3402-1 (symfony - security update)

Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8124 The RedTeam Pentesting GmbH team discovered a session fixation vulnerability within the...

-0.2AI Score

0.015EPSS

2015-11-24 12:00 AM
9
openvas

Debian: Security Advisory (DSA-3402-1)

The remote host is missing an update for the...

6.5AI Score

0.015EPSS

2015-11-23 12:00 AM
10
redhatcve

CVE-2008-4410

The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function...

6.8AI Score

0.0004EPSS

2015-10-30 10:14 AM
2
openvas

SUSE: Security Advisory for OpenSSL (SUSE-SU-2014:0761-1)

The remote host is missing an update for...

7.4CVSS

7.2AI Score

0.974EPSS

2015-10-16 12:00 AM
14
openvas

Oracle: Security Advisory (ELSA-2010-0126)

The remote host is missing an update for...

7.6AI Score

0.003EPSS

2015-10-06 12:00 AM
9
openvas

Oracle: Security Advisory (ELSA-2010-0898)

The remote host is missing an update for...

6.9AI Score

0.001EPSS

2015-10-06 12:00 AM
8
openvas

Oracle: Security Advisory (ELSA-2011-0928)

The remote host is missing an update for...

5.5CVSS

6.7AI Score

0.006EPSS

2015-10-06 12:00 AM
16
openvas

Oracle: Security Advisory (ELSA-2010-0271)

The remote host is missing an update for...

6.9AI Score

0.222EPSS

2015-10-06 12:00 AM
23
thn

Here's What Facebook 'Dislike or Empathy Button' Would Look Like

A Facebook Dislike button is one of the most frequently requested features from users for years. Earlier in the last week, Facebook finally confirmed its plans to add a Dislike or Empathy to your Facebook Profile and News Feed. If you are thinking that Facebook Dislike is going to be a thumbs-down....

6.7AI Score

2015-09-22 05:24 AM
13
seebug

OS X 10.10 Bluetooth DispatchHCICreateConnection

No description provided by...

7.1AI Score

2015-09-15 12:00 AM
7
seebug

7.1AI Score

2015-09-15 12:00 AM
8
seebug

OS X 10.10 Bluetooth TransferACLPacketToHW - Crash

No description provided by...

7.1AI Score

2015-09-15 12:00 AM
5
seebug

7.1AI Score

2015-09-15 12:00 AM
14
zdt

8.9AI Score

0.003EPSS

2015-09-11 12:00 AM
17
exploitpack

Apple Mac OSX Install.Framework - Arbitrary mkdir unlink and chown to Admin Group

Apple Mac OSX Install.Framework - Arbitrary mkdir unlink and chown to Admin...

AI Score

2015-09-10 12:00 AM
9
myhack58

Pangu discloses iOS 8.4.1 kernel exploit; Apple repairs part in iOS 9 - Vulnerability warning - the black bar safety net

Yesterday the Pangu team, the first team in China to successfully jailbreak iOS, disclosed 3 vulnerabilities present in iOS 8.4.1 kernel extensions: a stack overflow bug, an out-of-bounds memory access bug, a stack overflow bug. One of them, the "perfect" one, could compromise all the kernel protection and.....

0.7AI Score

2015-09-10 12:00 AM
12
seebug

Apple MAC OS X < 10.9/10 - Local Root Exploit

/* osx-irony-assist.m * * Copyright (c) 2010 by <[email protected]> * * Apple MACOS X < 10.9/10? local root exploit * by mu-b - June 2010 * * - Tested on: Apple MACOS X <= 10.8.X * * $Id: osx-irony-assist.m 16 2015-04-10 09:34:47Z mu-b $ * * The most ironic backdoor perhaps in the...

6.6AI Score

2015-09-06 12:00 AM
18
redhat

(RHSA-2015:1679) Moderate: python-django-horizon security and bug fix update

OpenStack Dashboard (Horizon) provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Two security issues were discovered in the Horizon dashboard and are addressed in this update: A cross-site scripting (XSS) flaw was found in the...

5.2AI Score

0.003EPSS

2015-08-24 12:00 AM
9
zdt

OSX Keychain - EXC_BAD_ACCESS Denial of Service Vulnerability

Exploit for macOS platform in category dos /...

7AI Score

2015-08-10 12:00 AM
19
exploitdb

7.4AI Score

2015-08-08 12:00 AM
21
exploitpack

Apple Mac OSX Keychain - EXC_BAD_ACCESS Denial of Service

Apple Mac OSX Keychain - EXC_BAD_ACCESS Denial of...

-0.1AI Score

2015-08-08 12:00 AM
8
packetstorm

AI Score

2015-08-04 12:00 AM
14
jakearchibald

If we stand still, we go backwards

Recently, ppk claimed the web is going too fast in the wrong direction, and asked for a year's moratorium on web features. I was so angry I ran straight to a dictionary to find out what "moratorium" meant. Turns out it means "suspension". I got a bit snarky about it on Twitter, which isn't really.....

-0.7AI Score

2015-08-03 08:39 AM
4
myhack58

iPhone blue screen 0day vulnerability analysis: video playback triggers kernel denial of service - vulnerability warning - the black bar safety net

Recently someone shared a video link in a WeChat group; when Apple device users click the link, playing the video causes the Apple device to restart. After this problem was found, 360NirvanTeam core member @Proteas immediately took samples for analysis, in a...

-0.1AI Score

2015-07-24 12:00 AM
3
nessus

Fedora 22 : drupal7-views_bulk_operations-3.3-1.fc22 (2015-11318)

7.x-3.3 See SA-CONTRIB-2015-131 Changes since 7.x-3.2: Fix security vulnerability, by AdamPS. Remove an entity_label() workaround that core no longer needs. Issue #2427381 by axel.rutz: Rules component lacks entity type Issue #2418751 by anrikun: Archive action fails ...

-0.2AI Score

2015-07-20 12:00 AM
7
nessus

Fedora 21 : drupal7-views_bulk_operations-3.3-1.fc21 (2015-11278)

7.x-3.3 See SA-CONTRIB-2015-131 Changes since 7.x-3.2: Fix security vulnerability, by AdamPS. Remove an entity_label() workaround that core no longer needs. Issue #2427381 by axel.rutz: Rules component lacks entity type Issue #2418751 by anrikun: Archive action fails ...

-0.2AI Score

2015-07-20 12:00 AM
10
securityvulns

[KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities

Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities [-] Software Link: https://www.concrete5.org/ [-] Affected Versions: Version 5.7.3.1 and probably other versions. [-] Vulnerabilities Description: 1) The vulnerable code is located in...

-0.2AI Score

2015-06-14 12:00 AM
29
packetstorm

-0.1AI Score

2015-06-12 12:00 AM
30
zdt

Concrete5 5.7.3.1 Cross Site Scripting Vulnerability

Concrete5 versions 5.7.3.1 and below suffer from multiple cross site scripting...

6.8AI Score

2015-06-12 12:00 AM
23
nessus

Debian DSA-3276-1 : symfony - security update

Jakub Zalas discovered that Symfony, a framework to create websites and web applications, was vulnerable to restriction bypass. It was affecting applications with ESI or SSI support enabled, that use the FragmentListener. A malicious user could call any controller via the /_fragment path by...

6.3AI Score

0.006EPSS

2015-06-02 12:00 AM
16
debian

[SECURITY] [DSA 3276-1] symfony security update

Debian Security Advisory DSA-3276-1 [email protected] http://www.debian.org/security/ David Prevot May 31, 2015 http://www.debian.org/security/faq Package : symfony CVE ID : CVE-2015-4050 Jakub Zalas...

5.7AI Score

0.006EPSS

2015-05-31 08:52 AM
16
openvas

Debian Security Advisory DSA 3276-1 (symfony - security update)

Jakub Zalas discovered that Symfony, a framework to create websites and web applications, was vulnerable to restriction bypass. It was affecting applications with ESI or SSI support enabled, that use the FragmentListener. A malicious user could call any controller via the /_fragment path by...

-0.5AI Score

0.006EPSS

2015-05-31 12:00 AM
8
openvas

Debian: Security Advisory (DSA-3276-1)

The remote host is missing an update for the...

6.5AI Score

0.006EPSS

2015-05-30 12:00 AM
12
seebug

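WordPress example.html Cross-Site Scripting Vulnerability

Knownsec security research team, Evi1m0: 2015.5.7 Summary: A DOM XSS vulnerability has been disclosed in WordPress, affecting millions of sites. The vulnerability exists in the example.html page of Genericons, which is popular with WordPress; the default theme Twenty Fifteen and the well-known plugin Jetpack both bundle this page. Analysis showed that example.html uses an old version of jQuery that has a DOM XSS vulnerability. In 2011 dmethvin submitted Ticket #9521 for jQuery version 1.6.1; the cause lay in $() | jQuery() expecting CSS...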

6.3AI Score

2015-05-12 12:00 AM
59
zdt

Apple MAC OS X < 10.9/10 - Local Root Exploit

Exploit for macOS platform in category local...

6.8AI Score

2015-04-21 12:00 AM
18
exploitpack

Apple Mac OSX 10.910 - Local Privilege Escalation

Apple Mac OSX 10.910 - Local Privilege...

0.3AI Score

2015-04-13 12:00 AM
13
exploitdb

7.4AI Score

2015-04-13 12:00 AM
28
nessus

RHEL 7 : qpid (RHSA-2015:0708)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0708 advisory. Red Hat Enterprise MRG is a next-generation IT infrastructure incorporating Messaging, Real Time, and Grid functionality. It offers...

7.5CVSS

7.1AI Score

0.949EPSS

2015-04-01 12:00 AM
16
redhat

(RHSA-2015:0708) Moderate: qpid security and bug fix update

Red Hat Enterprise MRG is a next-generation IT infrastructure incorporating Messaging, Real Time, and Grid functionality. It offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for....

7.5CVSS

7AI Score

0.949EPSS

2015-03-19 04:56 PM
11
Total number of security vulnerabilities: 1701