CVE-2016-1672

The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...

CVE-2016-1672

The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...

Design/Logic Flaw

The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...

CVE-2016-1672

CVE-2016-1672 affects Google Chrome up to version 51.0.2704.63, where the ModuleSystem::RequireForJsInner function in extension bindings mishandles properties, enabling remote cross-origin bypass via unspecified vectors. Public advisories and vendor fixes (e.g., Chromium 51.0.2704.63) address the...

CVE-2016-1672

Removed by vendor...

RedHat Update for squid34 RHSA-2016:1140-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

chromium-browser: cross-origin bypass in extension bindings

The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...

squid security update

CentOS Errata and Security Advisory CESA-2016:1139 An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

squid security update

CentOS Errata and Security Advisory CESA-2016:1138 An update for squid is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Zomato: Bypass OTP verification when placing Order

User can bypass the OTP verification needed while placing an order with a restaurant. User can give a random number and intercept the OTP request. If wrong OTP is provided then the error message shows the session code which is the OTP in this case. Hence that session code can be used to verify th...

squid: multiple issues in ESI processing

Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...

Moderate: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

squid: multiple issues in ESI processing

Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...

squid: SegFault from ESIInclude::Start

A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process...

squid: multiple issues in ESI processing

Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...

Moderate: Red Hat Security Advisory: squid34 security update

An update for squid34 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

squid: SIGSEGV in ESIContext response handling

An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as reverse-proxy, for TLS/HTTPS interception, an attacker controlling a server accessed by Squid, could crash the squid worker, causing a Denial of Service attack...

Moderate: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

RHEL 6 : squid34 (RHSA-2016:1140)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2016:1140 advisory. The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP...

OpenNTPD Design Vulnerabilities

OpenNTPD is a network time protocol NTP for Unix systems that can synchronize a computer system's local clock with a remote NTP server. A security vulnerability exists in OpenNTPD that stems from a failure to validate the Common Name when the program is configured for HTTPS requests, which could ...