4309 matches found
Christmas Tree Fun - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Christmas Tree Fun published at the 'play' market has multiple vulnerabilities...
New Year: Xmas Tree Puzzle - Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application New Year: Xmas Tree Puzzle published at the 'play' market has multiple vulnerabilities...
Season of Tree :Forest Friends - External URLs, Possible privilege escalation, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application Season of Tree :Forest Friends published at the 'play' market has multiple vulnerabilities...
FamilySearch Tree - Customized SSL, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application FamilySearch Tree published at the 'play' market has multiple vulnerabilities...
MyHeritage - Family Tree - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application MyHeritage - Family Tree published at the 'play' market has multiple vulnerabilities...
UBUNTU-CVE-2016-1960
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by...
Control CSS loading with custom properties
Last week I wrote about a simple method to load CSS progressively, and on the very same day some scientists taught gravity how to wave. Coincidence? Yes. The pattern in the previous post covers the 90% case of multi-stage CSS loading, and it's really simple to understand. But would you like to he...
Microsoft Edge Text Node Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsoft Edge...
UEFI firmware image viewer and editor: UEFITool
It supports parsing of full BIOS images starting with the flash descriptor or any binary files containing UEFI volumes. Original development was started here at MDL forums as a cross-platform analog to PhoenixTool's structure mode with some additional features, but the program's engine was prove...
CVE-2016-1260
Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic...
Design/Logic Flaw
Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic...
Scientific Linux Security Update : pcs on SL7.x x86_64 (20151119)
A flaw was found in a way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash. (CVE-2015-3225) The pcs package has been upgraded to upstream version 0.9.143, which provides a number of bug fixe...
CVE-2015-4844
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...
USN-2770-1: Oxide vulnerabilities
It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. CVE-2015-67...
Code injection
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin...
CVE-2015-6755
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin...
CVE-2015-6755
CVE-2015-6755 affects Blink (ContainerNode::parserInsertBefore in core/dom/ContainerNode.cpp) used by Google Chrome prior to 46.0.2490.71. The issue allows bypassing the Same Origin Policy via crafted JavaScript that triggers a DOM tree insertion even when a parent node no longer contains a child...
CVE-2015-6755
Removed by vendor...