UBUNTU-CVE-2017-6512

Race condition in the rmtree and removetree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic...

Mozilla Firefox 'UnbindFromTree' Stack Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox suffers from a stack buffer overflow vulnerability. An attacker could exploit this vulnerability to cause the affected application to crash, resulting in a denial of service...

CentOS Update for java CESA-2017:1204 centos7

Check the version of java SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882709";...

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

Medium: java-1.8.0-openjdk

Issue Overview: Improper re-use of NTLM authenticated connections Networking, 8163520: It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could...

Mozilla: Memory corruption with accessibility and DOM manipulation (MFSA 2017-11, MFSA 2017-12)

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

Chrome Universal XSS using widget updates in ContainerNode::parserRemoveChild (CVE-2016-1630)

VULNERABILITY DETAILS There are 3 methods where ContainerNode::removeBetween is invoked: 1. ContainerNode::removeChild 2. ContainerNode::parserRemoveChild 3. ContainerNode::removeChildren The calls in 1 and 3 are within the scope of HTMLFrameOwnerElement::UpdateSuspendScope, but 2 is unprotected...

Resource Management Errors

Overview Affected versions of this package are vulnerable to Resource Management Errors. The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service infinite recursion and application crash via a crafted PDF document...

UBUNTU-CVE-2017-8054

The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service infinite recursion and application crash via a crafted PDF document...

Chrome Universal XSS through adopting image elements (CVE-2016-1667)

VULNERABILITY DETAILS When a node is being adopted, the tree scope adopter calls |didMoveToNewDocument| on each rescoped node in the tree. The 同理 ， iframe 、 js也采用类似的处理流程 implementation of |didMoveToNewDocument| calls the corresponding method on the related loader, which clears and stops observing...

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

Mozilla: Memory corruption with accessibility and DOM manipulation (MFSA 2017-11, MFSA 2017-12)

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

Chrome Universal XSS via fullscreen element updates (CVE-2016-5207)

VULNERABILITY DETAILS From /thirdparty/WebKit/Source/core/dom/Fullscreen.cpp: void Fullscreen::didEnterFullscreenForElementElement element ... // FIXME: This should not call updateStyleAndLayoutTree. document-updateStyleAndLayoutTree; ... Indeed. |didEnterFullscreenForElement| may be called in th...

Chrome Universal XSS by polluting private scripts with named properties (CVE-2017-5008)

VULNERABILITY DETAILS When a private script method is invoked, a ScriptForbiddenScope::AllowUserAgentScript scope is set up to allow running the internal script. It is possible to exploit this scope to execute user code here: static v8::Local compileAndRunPrivateScriptScriptState scriptState,...

Chrome Universal XSS by intercepting a UA shadow tree(CVE-2016-5204)

VULNERABILITY DETAILS When an event is dispatched to an element in a SVG shadow tree, the Event::currentTarget returns the original corresponding node, but the Event::target doesn't make any attempt to redirect access. Therefore, the tree can be trivially leaked like this: Gaining access to the...

Chrome Universal XSS using an <input type="color"> element (CVE-2016-5208)

VULNERABILITY DETAILS When an input element is removed, the popup is closed during the layout tree detach: void HTMLInputElement::detachLayoutTreeconst AttachContext& context HTMLTextFormControlElement::detachLayoutTreecontext; mneedsToUpdateViewValue = true; minputTypeView-closePopupView; If the...

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...