
521 matches found

RedHat Linux
added 2014/06/26 5:7 p.m., 0 views

kernel: futex: pi futexes requeue issue

A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system...

CVSS 7.8, AI score 6.9, EPSS 0.75331
Exploits 15, References 5
RedHat Linux
added 2014/06/24 3:58 p.m., 0 views

kernel: futex: pi futexes requeue issue

A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system...

CVSS 7.8, AI score 6.9, EPSS 0.75331
Exploits 15, References 5
RedHat Linux
added 2014/06/19 5:52 p.m., 3 views

kernel: futex: pi futexes requeue issue

A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system...

CVSS 7.8, AI score 6.6, EPSS 0.75331
Exploits 15, References 5
RedHat Linux
added 2014/06/19 5:52 p.m., 62 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...

CVSS 7.8, AI score 7, EPSS 0.75331
Exploits 16, References 9
Tenable Nessus
added 2014/06/13 12:0 a.m., 35 views

openSUSE Security Update : lighttpd (openSUSE-SU-2014:0072-1)

added cve-2013-4508.patch and cve-2013-4508-regression-bug729480.patch: bnc849059 When defining an ssl.cipher-list, it works for the 'default' HTTPS setup $SERVER['socket'] 443 block, but when you utilize SNI $HTTP['host'] blocks within the $SERVER['socket'] block the ssl.cipher-list seems to not...

CVSS 7.6, AI score 6.7, EPSS 0.09523
Exploits 1, References 7
Cisco Threats
added 2014/04/21 5:33 p.m., 9 views

Threat Outbreak Alert: Fake Inheritance Notice Email Messages on April 21, 2014

Medium Alert ID: 33867 First Published: 2014 April 21 17:33 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an inheritance notice for the recipient. The text in the email message attempts to convince the recipient to ope...

AI score 0.3
Exploits 0
Tenable Nessus
added 2014/04/08 12:0 a.m., 28 views

SuSE 11.3 Security Update : Samba (SAT Patch Number 9010)

"The Samba fileserver suite was updated to fix bugs and security issues. The following security issue have been fixed : - No Password lockout or ratelimiting was enforced for SAMR password changes, making brute force guessing attacks possible. CVE-2013-4496. Also the following feature has been...

CVSS 5, AI score 7.3, EPSS 0.0555
Exploits 0, References 9
Mozilla
added 2013/12/10 12:0 a.m., 45 views

Character encoding cross-origin XSS attack — Mozilla

Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encodings across navigations into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue...

CVSS 4.3, AI score 2.3, EPSS 0.00739
Exploits 1, References 2, Affected Software 2
MSRC
added 2013/08/06 7:0 a.m., 10 views

The story of MS13-002: How incorrectly casting fat pointers can make your code explode

C++ supports developers in object-orientated programming and removes from the developer the responsibility of dealing with many object-oriented programming (OOP) paradigm problems. But these problems do not magically disappear. Rather it is the compiler that aims to provide a solution to many of th...

AI score 6.9
Exploits 0
Fedora
added 2013/07/23 1:2 a.m., 15 views

[SECURITY] Fedora 18 Update: nodejs-inherits1-1.0.0-11.fc18

A tiny simple way to do classic inheritance in JavaScript. This is the legacy version used by many Node.js modules for many years, and is retained for backward compatibility. New modules should use the inheritance functionality available in core Node.js or use the new version of inherits if they...

CVSS 3.3, AI score 2.7, EPSS 0.00104
Exploits 0
Cvelist
added 2013/06/26 1:0 a.m., 17 views

CVE-2013-1695

Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element...

AI score 6.3, EPSS 0.00161
Exploits 0, References 6
CVE
added 2013/06/26 1:0 a.m., 117 views

CVE-2013-1695

Concretely, CVE-2013-1695 affects Mozilla Firefox before 22.0 and is caused by incorrect DocShell inheritance handling of the sandbox attribute on IFRAME elements. This weakness allows a FRAME inside an IFRAME to bypass intended access restrictions. The MFSA reference confirms the issue as Sandbo...

CVSS 5, AI score 6.2, EPSS 0.00161
Exploits 0, References 6, Affected Software 1
OpenVAS
added 2013/06/26 12:0 a.m., 29 views

Mozilla Firefox Multiple Vulnerabilities - June 13 (Windows)

The host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillafirefoxmultvulnjun13win.nasl 6086 2017-05-09 09:03:30Z teissa $ Mozilla Firefox Multiple Vulnerabilities - June 13 Windows Authors: Arun Kallavi Copyright: Copyright c...

CVSS 10, AI score 0.6, EPSS 0.47055
Exploits 11, References 3
myhack58
added 2012/12/19 12:0 a.m., 28 views

Struts2 vulnerability analysis: new ideas triggered by the characteristics of OGNL expressions - vulnerability warning - the black bar safety net

I. Summary: In an OGNL expression, variable content contained in parentheses “” is executed as an OGNL expression. This characteristic of OGNL expressions opens up a new line of attack: the malicious code is stored in a variable, and then a function is called in the OGNL expression that...

AI score 0.7
Exploits 0
OpenVAS
added 2012/11/26 12:0 a.m., 21 views

Mozilla Firefox Multiple Vulnerabilities - November12 (Windows)

This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxmultvulnnov12win.nasl 5977 2017-04-19 09:02:22Z teissa $ Mozilla Firefox Multiple Vulnerabilities - November12 Windows Authors: Rachana Shetty Copyright: Copyright...

CVSS 6.8, AI score 0.2, EPSS 0.02424
Exploits 1, References 5
Mozilla
added 2012/11/20 12:0 a.m., 52 views

XMLHttpRequest inherits incorrect principal within sandbox — Mozilla

Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox...

CVSS 6.8, AI score 1.9, EPSS 0.00795
Exploits 0, References 2, Affected Software 3
Opera Security Advisories
added 2012/11/02 12:0 a.m., 4 views

Data URIs can be used to facilitate Cross-Site Scripting – Opera Security Advisories

Data URIs are only supposed to inherit the scripting origin from the site that creates them, such as by including them as the target of a link or an inline frame in the source of the document. Specific sequences of document and data URI loading can cause Opera to forget which document created the...

AI score 5.5
Exploits 0, References 1
Atlassian
added 2012/05/24 12:15 p.m., 14 views

User can upload attachments to restricted pages that adopt restrictions from parent page

Users that should have no access to restricted pages that adopt restrictions from the parent page are able to upload attachments if they know the page ID. How to reproduce: 1. Create 2 users, user1 and user2 2. Create a page with user1 and set the page view and edit restrictions to "Me" 3. Create...

AI score 2
Exploits 0, Affected Software 1
Atlassian
added 2012/05/24 12:15 p.m., 12 views

User can upload attachments to restricted pages that adopt restrictions from parent page

Users that should have no access to restricted pages that adopt restrictions from the parent page are able to upload attachments if they know the page ID. How to reproduce: 1. Create 2 users, user1 and user2 2. Create a page with user1 and set the page view and edit restrictions to "Me" 3. Create...

AI score 2
Exploits 0, Affected Software 1
seebug.org
added 2011/10/13 12:0 a.m., 29 views

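Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability (MS11-078)

CVE ID: CVE-2011-1508 .NET Framework is the new managed-code programming model for Windows, used to build applications with visually compelling user experiences, enable seamless communication across technology boundaries, and support a wide range of business processes. Silverlight is a new web presentation technology that runs on a variety of platforms. Microsoft .NET Framework and Microsoft Silverlight contain a security vulnerability in their implementation of class inheritance; a malicious user can exploit it via a specially crafted web page to take control of the user's system. Successful exploitation requires a browser that can run XBAPs or Silverlight applications. Microsoft .NET Framework 4.x...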

CVSS 9.3, AI score 1.7, EPSS 0.27089
Exploits 2