Lucene search

8416 matches found

Debian CVE
added 2015/10/29 4:0 p.m., 25 views

CVE-2015-5292

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs duri...

CVSS 6.8, AI score 5.9, EPSS 0.03666
Exploits: 0

BDU FSTEC
added 2015/10/29 12:0 a.m., 4 views

The vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, allow attackers to execute arbitrary code or cause service interruptions.

The vulnerabilities of Adobe Acrobat and Adobe Acrobat Document Cloud for PDF file editing, as well as Adobe Reader and Adobe Reader Document Cloud for PDF file viewing, are due to buffer overflow vulnerabilities. Exploiting these vulnerabilities can allow an attacker to execute arbitrary code or...

CVSS 9.3, AI score 6.5, EPSS 0.05149
Exploits: 0, References: 3, Affected Software: 2

BDU FSTEC
added 2015/10/29 12:0 a.m., 3 views

The vulnerability of the Microsoft Edge browser, which allows a hacker to bypass the protection against cross-site scripting attacks

The vulnerability of Microsoft Edge exists due to a flaw in the process of checking HTML attributes. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms against cross-site scripting attacks...

CVSS 4.3, AI score 5.2, EPSS 0.69997
Exploits: 0, References: 2

Tenable Nessus
added 2015/10/29 12:0 a.m., 27 views

SUSE SLED12 / SLES12 Security Update : gcc48 (SUSE-SU-2015:1833-1)

This update for GCC 4.8 provides the following fixes: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc945842) - Fix linker segmentation fault when building SLOF on ppc64le. (bsc949000) - Fix no_instrument_function attribute handling on PPC64...

CVSS 5, AI score 7.3, EPSS 0.02941
Exploits: 0, References: 8

Check Point Advisories
added 2015/10/26 12:0 a.m., 1 views

Avast Antivirus X.509 Certificate Common Name Remote Command Execution

A remote command execution vulnerability has been reported in Avast Antivirus. The vulnerability is due to improper validation of X.509 certificates. Specifically, Avast does not sanitize the Common Name attribute of the X.509 certificates before rendering it as HTML...

AI score 2.6
Exploits: 0

myhack58
added 2015/10/17 12:0 a.m., 51 views

Word type confusion vulnerability CVE-2015-1641 analysis - vulnerability warning - the black bar safety net

Vulnerability overview: In April this year, Microsoft patched a Word type confusion vulnerability, CVE-2015-1641; an attacker can attack by constructing RTF documents with embedded docx. Word in parsing the docx document processing displacedByCustomXML attribute not customXML object for...

AI score 0.3
Exploits: 0

Zero Day Initiative
added 2015/10/13 12:0 a.m., 29 views

Adobe Reader fillColor Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 6.8, AI score 6.4, EPSS 0.05149
Exploits: 0, References: 1

Zero Day Initiative
added 2015/10/13 12:0 a.m., 34 views

Adobe Reader listbox value Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 6.8, AI score 6.4, EPSS 0.05149
Exploits: 0, References: 1

Tenable Nessus
added 2015/10/13 12:0 a.m., 29 views

MS15-107: Cumulative Security Update for Microsoft Edge (3096448)

The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3096448. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists due to improper handling of objects in memory. A remote attacker can exploit...

CVSS 5, AI score 5.7, EPSS 0.69997
Exploits: 0, References: 3

OSV
added 2015/10/07 2:16 a.m., 3 views

SUSE-SU-2015:1833-1 Security update for gcc48

This update for GCC 4.8 provides the following fixes: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc945842) - Fix linker segmentation fault when building SLOF on ppc64le. (bsc949000) - Fix no_instrument_function attribute handling on PPC64...

CVSS 5, AI score 8.4, EPSS 0.02941
Exploits: 0, References: 7

OPENSUSE Linux
added 2015/10/01 10:9 a.m., 29 views

Security update for MozillaFirefox (important)

MozillaFirefox was updated to Firefox 41.0 (bnc947003). Security issues fixed: MFSA 2015-96/CVE-2015-4500/CVE-2015-4501: Miscellaneous memory safety hazards; MFSA 2015-97/CVE-2015-4503 (bmo994337): Memory leak in mozTCPSocket to servers; MFSA 2015-98/CVE-2015-4504 (bmo1132467): Out of bounds read in QCMS...

CVSS 9.3, AI score 1.5, EPSS 0.0608
Exploits: 0, References: 1

NVD
added 2015/09/24 4:59 a.m., 19 views

CVE-2015-4476

Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute...

CVSS 4.3, AI score 6.3, EPSS 0.01842
Exploits: 0, References: 6

Cvelist
added 2015/09/24 1:0 a.m., 22 views

CVE-2015-7179

The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of...

AI score 7.7, EPSS 0.04184
Exploits: 0, References: 8

Tenable Nessus
added 2015/09/23 12:0 a.m., 34 views

openSUSE Security Update : icedtea-web (openSUSE-2015-602)

The icedtea-web Java plugin was updated to 1.6.1. Changes included: - Enabled Entry-Point attribute check - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. - fixed DownloadService - comments in deployment.properties n...

CVSS 6.8, AI score 5.3, EPSS 0.0344
Exploits: 0, References: 7

Tenable Nessus
added 2015/09/23 12:0 a.m., 40 views

FreeBSD : mozilla -- multiple vulnerabilities (2d56c7f4-b354-428f-8f48-38150c607a05)

The Mozilla Project reports: MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3); MFSA 2015-97 Memory leak in mozTCPSocket to servers; MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes; MFSA 2015-99 Site attribute spoofing on Android by pasting URL with...

CVSS 9.3, AI score 8.3, EPSS 0.0608
Exploits: 0, References: 46

OPENSUSE Linux
added 2015/09/22 11:10 a.m., 39 views

Security update for icedtea-web (important)

The icedtea-web Java plugin was updated to 1.6.1. Changes included: Enabled Entry-Point attribute check; permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all; fixed DownloadService; comments in deployment.properties now should...

CVSS 6.8, AI score 9.5, EPSS 0.0344
Exploits: 0, References: 4

Zero Day Initiative
added 2015/09/16 12:0 a.m., 33 views

Symantec Web Gateway Arbitrary PHP File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability, however it can be bypassed via reflected cross-site scripting. The specific flaw exists within the adminmessages.php...

CVSS 8.5, AI score 6.9, EPSS 0.05122
Exploits: 0, References: 1

seebug.org
added 2015/09/06 12:0 a.m., 31 views

WordPress <= 4.2 - Stored XSS

Confirmed vulnerable: WordPress 4.2, 4.1.2, 4.1.1, 3.9.3. Tested with MySQL versions 5.1.53 and 5.5.41. Overview: Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed...

AI score 6.9
Exploits: 0

Prion
added 2015/08/20 12:59 a.m., 16 views

Input validation

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified...

CVSS 4, AI score 7.7, EPSS 0.01983
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2015/08/20 12:0 a.m., 23 views

CVE-2015-4328

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified...

AI score 7.2, EPSS 0.01983
Exploits: 0, References: 3