Cumulative Update for Windows 10 Version 1607 and Windows Server 2016: December 9, 2016
Summary: This update includes quality improvements for Windows 10 Version 1607 and Windows Server 2016. No new operating system features are being introduced in this update. Key changes include: Improved the...
CVE-2016-5193
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages...
UBUNTU-CVE-2016-5207
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page...
Microsoft Browser Information Disclosure Vulnerability
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction. An attacker who successfully exploited this vulnerability could obtain browser frame or window state from a different domain. For an attack to be...
The vulnerability of the Firefox browser allows a malicious attacker to compromise the confidentiality and integrity of protected information.
The vulnerability in the implementation of XrayWrapper in Mozilla Firefox allows malicious actors to bypass access restrictions by using a specially crafted web page, provided that the user visits it through a debugger. This enables operations such as unwrapping and calling DOM methods on unwrapp...
Hippo CMS: source code security analysis report
Several vulnerabilities were discovered in Hippo 'Hippo CMS' software: Using XSL Transformation to Execute Any Code; Violating the Java Object Model; Missing XML document schema validation; Using Broken or Risky Cryptographic Algorithm; Incorrect Permissions for External Entities During XML Document...
The vulnerability of Google Chrome browser allows a malicious actor to trigger a service failure.
The Google Chrome browser contains a vulnerability related to incorrect checking of the render state during the focus event in the object model of the document DOM implementation of Blink for Google Chrome. Exploiting this vulnerability allows malicious actors to cause service failures or otherwi...
The vulnerability of Google Chrome browser allows a malicious individual to execute arbitrary code or trigger a service denial.
The Google Chrome browser contains a vulnerability related to errors in memory management after the release of memory in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp of Blink for Google Chrome. Exploiting this vulnerability allows malicious actors to cause system...
Symantec Endpoint Protection Manager and Client Design Vulnerability
Symantec Endpoint Protection (SEP) is a suite of antivirus software from Symantec Corporation. The software provides security across physical and virtual systems. SEP Manager and Client are the management and client software. A design flaw exists in the management console of Symantec Endpoint...
Enonic XP: source code security analysis report
Several vulnerabilities were discovered in Enonic AS 'Enonic XP' software: User data leakage between sessions; Using XSL transformation to execute arbitrary code; Missing verification of the digital signature of executable files obtained from untrusted sources; HttpOnly...
LogicalDoc Document Managment System CE: source code security analysis report
Several vulnerabilities were discovered in LogicalDOC 'LogicalDoc Document Managment System CE' software: User data leakage between sessions; Using XSL transformation to execute arbitrary code; Missing verification of the digital signature of executable files obtained from...
Allfresco Community Edition: source code security analysis report
Several vulnerabilities were discovered in Alfresco Software 'Allfresco Community Edition' software: User data leakage between sessions; Using XSL transformation to execute arbitrary code; Using the finalize method; Missing verification of the digital signature of executable...
Apache Apex: source code security analysis report
Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Apex' software: Using XSL Transformation to Execute Any Code; Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources; HttpOnly Cookies; Incorrect User Input Filtration wh...
Apache Camel: source code security analysis report
Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Camel' software: Using Synchronization Primitives in EJB components; Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources; Violating the Java Object Model; Using...
The vulnerability of Google Chrome browser allows a violator to circumvent existing access restrictions policies.
The vulnerability of the Google Chrome browser’s DOM component is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to circumvent existing access control policies by using a specially crafted website...
Google Chrome DOM Homology Policy Bypass Vulnerability (CNVD-2016-01234)
Google Chrome is a popular web browser. Google Chrome's DOM implementation process fails to properly handle the execution order of frame-attach and frame-detach operations, allowing remote attackers to build specially crafted Web sites to bypass the same-origin policy...
jenkins: password exposure in DOM (SECURITY-138)
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM...
PT-2016-3713 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions 9.4.1 through 9.5.1 Description: The issue allows remote users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic. This is related to the DCERPC Inspection featur...
Google Blink DOM Homology Policy Bypass Vulnerability
Blink is a browser layout (rendering) engine jointly developed by Google Inc. (United States) and Opera Software (Norway). A security vulnerability exists in the DOM implementation of Blink used in versions of Google Chrome prior to 47.0.2526.73, which stems from the...
UBUNTU-CVE-2015-6770
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768...