18 matches found
Google Chrome < 4.6.85.23 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 4.6.85.23. It is, therefore, affected by multiple vulnerabilities as referenced in the 201510stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to...
SUSE-SU-2025:02289-2 Security update for docker
This update for docker fixes the following issues: Update to Docker 28.2.2-ce bsc1243833, bsc1242114: - CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration. bsc1239765 - CVE-2025-22872:...
php: libxml streams use wrong content-type header when requesting a redirected resource
A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...
AZL-60492 CVE-2025-22872 affecting package ig for versions less than 0.37.0-4
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60568 CVE-2025-22872 affecting package multus for versions less than 4.0.2-8
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper...
Microsoft Internet Explorer 11 Tree::Notify_InvalidateDisplay Null Pointer Dereference
Summary Internet Explorer is a series of graphical web browsers developed by Microsoft and included in the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year. Description The crash is caused due to a NU...
PT-2018-8384 · Red Hat · Jboss Eap
Name of the Vulnerable Software and Affected Versions: JBoss EAP version 7.0 Description: The JAXP implementation used for SAX and DOM parsing in JBoss EAP is susceptible to certain XXE flaws. This could allow an attacker to cause a denial of service, server-side request forgery, or information...
USN-2735-1 oxide-qt vulnerabilities
It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. CVE-2015-1291 An issue was...
Debian Security Advisory DSA 2075-1 (xulrunner)
The remote host is missing an update to xulrunner announced via advisory DSA 2075-1. OpenVAS Vulnerability Test $Id: deb20751.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2075-1 xulrunner Authors: Thomas Reinke Copyright: Copyright (c) 2010 E-Soft Inc...
Debian: Security Advisory (DSA-2075-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2075-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0182 Wladimir Palant discovered that security checks in XML processing were insufficiently...
DSA-2075-1 xulrunner - several vulnerabilities
Bulletin has no description...
DSA-1697-1 iceape - several vulnerabilities
Bulletin has no description...
MSN cross-site vulnerability analysis-vulnerability warning-the black bar safety net
A few days ago I heard a colleague say, “A friend on MSN sent a web page; after entering the password there, a few days later the MSN password was wrong and may have been stolen.” At the time I asked the colleague for the address, but he said the address could not be found. A few days later a friend said to se...
Debian DSA-1615-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects...
Debian DSA-1607-1 : iceweasel - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-2798 Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes i...
Debian: Security Advisory (DSA-1607-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...