1085 matches found
chromium-browser: Cross-origin bypass in V8
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a 1 observe or 2 getNotifier call...
DEBIAN-CVE-2014-4615
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain XAUTHTOKEN values by reading the message queue...
CVE-2014-4615
CVE-2014-4615 affects OpenStack components including PyCADF (0.5.0 and earlier), Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo. The issue allows remote authenticated users to read a message queue (v2/meters/http.reque...
CVE-2014-4615
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain XAUTHTOKEN values by reading the message queue...
pycadf: token leak to message queue
It was found that authentication tokens were not properly sanitized from the message queue by the notifier middleware. An attacker with read access to the message queue could possibly use this flaw to intercept an authentication token and gain elevated privileges. Note that all services using the...
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
These updated packages fix the following security issues : - the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously...
Ubuntu Update for update-manager USN-1284-2
Ubuntu Update for Linux kernel vulnerabilities USN-1284-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN12842.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for update-manager USN-1284-2 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.n...
Ubuntu: Security Advisory (USN-1284-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : update-manager regression (USN-1284-2)
USN-1284-1 fixed vulnerabilities in Update Manager. One of the fixes introduced a regression for Kubuntu users attempting to upgrade to a newer Ubuntu release. This update fixes the problem. We apologize for the inconvenience. David Black discovered that Update Manager incorrectly extracted the...
Ubuntu: Security Advisory (USN-1284-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Windows Gather Meebo Password Extractor
This module extracts login account password stored by Meebo Notifier, a desktop version of Meebo's Online Messenger. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Meebo Passwor...
CentOS 5 : kernel (CESA-2008:0233)
Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
POP Peeper mail notifier buffer overflow
Buffer overflow UIDL server reply parsing...
CentOS Update for kernel CESA-2008:0211 centos3 i386
Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2008:0211 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
CentOS Update for kernel CESA-2008:0211 centos3 i386
Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2008:0211 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
CentOS Update for kernel CESA-2008:0211 centos3 x86_64
Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2008:0211 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
kernel security update
CentOS Errata and Security Advisory CESA-2008:0233 Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
gcaldaemon-dos.txt
Secure Network - Security Research Advisory Vuln name: GCALDaemon Remote DoS Systems affected: GCALDaemon 1.0-beta13 all platforms Systems not affected: - Severity: Low Local/Remote: Remote Vendor URL: http://gcaldaemon.sourceforge.net/ Authors: Luca "ikki" Carettoni -...
Symantec Brightmail AntiSpam DoS
Large number of quarantined spam messages causes notifier service to crash...