Google Chrome Blink Content Misreference Vulnerability

Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. A content misreference vulnerability exists in the WebKit/Source/core/editing/VisibleUnits.cpp file in Blink used in versions prior to Google...

Design/Logic Flaw

The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517...

CVE-2016-1413

The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517...

CVE-2016-1612

The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact vi...

The vulnerability of Google Chrome browser allows a violator to circumvent existing access restrictions policies.

The vulnerability of the ContainerNode::parserInsertBefore function in Google Chrome is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to circumvent existing access control policies by using specially crafted JavaScript code...

CVE-2015-0848

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted BMP image...

v8: information leak fixed in Google Chrome 38.0.2125.101

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive...

CVE-2014-1561

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during 1 page, 2 panel, or 3 toolbar customization...

CVE-2014-0322

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014...

CVE-2013-0981

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code...

Code injection

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code...

CVE-2013-0981

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code...

CVE-2011-4356

Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryddetach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving...

PYSEC-2011-17

Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryddetach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving...

CVE-2007-3800

Summary : CVE-2007-3800 affects Symantec Antivirus Corporate Edition (9.0–10.1) and Symantec Client Security (2.0–3.1). The vulnerability lies in the Real-Time scanner RTVScan component where, if the Notification Message window is enabled, a local attacker can craft code to gain privileges. The c...