
2677 matches found

CNVD
added 2016/06/03 12:00 a.m., 3 views

Unspecified Vulnerability in libimobiledevice and libusbmuxd

libimobiledevice is a software protocol library and toolset that enables Linux to connect to iOS devices such as the iPhone and iPod Touch. libusbmuxd is a client library for connecting to iOS devices. An unspecified vulnerability exists in libimobiledevice and libusbmuxd, which arises...

CVSS: 5.3, AI score: 9, EPSS: 0.03018
Exploits: 0, References: 1

CNVD
added 2016/05/16 12:00 a.m., 9 views

Google Chrome forEachForBinding Function Same Origin Policy Bypass Vulnerability

Blink is a browser layout (rendering) engine jointly developed by Google Inc. of the United States and Opera Software of Norway. A vulnerability exists in the 'forEachForBinding' function in the WebKit/Source/bindings/core/v8/Iterable.h file in the V8 bindings of Blink used...

CVSS: 8.8, AI score: 9, EPSS: 0.01285
Exploits: 1, References: 1

RedHat Linux
added 2016/05/13 7:36 a.m., 8 views

chromium-browser: same origin bypass in blink v8 bindings

The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

CVSS: 8.8, AI score: 7.4, EPSS: 0.01285
Exploits: 1, References: 5

CNVD
added 2016/04/18 12:00 a.m., 3 views

Google Chrome Cross-Site Scripting Vulnerability (CNVD-2016-02450)

Google Chrome is a web browser developed by the American company Google. A cross-site scripting vulnerability exists in Google Chrome versions prior to 50.0.2661.75, which stems from an error in the extension bindings. A remote attacker can exploit this vulnerability to inject arbitrary web...

CVSS: 6.1, AI score: 8.4, EPSS: 0.01064
Exploits: 0, References: 1

Tenable Nessus
added 2016/04/08 12:00 a.m., 22 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-431)

This update for java-1_7_0-openjdk fixes the following issues: java-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 boo972468 - Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency - Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX...

CVSS: 9.3, AI score: 7.6, EPSS: 0.05765
Exploits: 0, References: 2

RedHat Linux
added 2016/02/17 5:02 a.m., 3 views

chromium-browser: various fixes from internal audits

The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

CVSS: 8.8, AI score: 7.4, EPSS: 0.01317
Exploits: 0, References: 5

Kitploit
added 2016/01/09 5:35 p.m., 314 views

SAML Raider - SAML2 Burp Extension

SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core functionalities: manipulating SAML messages and managing X.509 certificates. This software was created by Roland Bischofberger and Emanuel Duss during a bachelor thesis at the Hochschule für Technik...

AI score: 9.6
Exploits: 0, References: 1

OSV
added 2015/10/20 7:15 p.m., 7 views

USN-2778-1 linux-lts-vivid vulnerabilities

It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service...

CVSS: 6.1, AI score: 7.1, EPSS: 0.05059
Exploits: 1, References: 5

OSV
added 2015/10/19 10:14 p.m., 2 views

USN-2776-1 linux vulnerabilities

It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service...

CVSS: 6.1, AI score: 7.1, EPSS: 0.05059
Exploits: 1, References: 5

exploitpack
added 2015/10/19 12:00 a.m., 21 views

Adobe Flash - IExternalizable.writeExternal Type Confusion

Adobe Flash - IExternalizable.writeExternal Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=547 If IExternalizable.writeExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to...

AI score: 7.5
Exploits: 0

CNVD
added 2015/10/04 12:00 a.m., 4 views

LXC Elevation of Privilege Vulnerability

LXC (LinuX Containers) is a user-space interface to the Linux kernel's container functionality that makes it easy for Linux users to create and manage system or application containers with a powerful API and simple tools. An elevation of privilege vulnerability exists in LXC versions prior to 1.0.8...

CVSS: 7.2, AI score: 4.6, EPSS: 0.00459
Exploits: 0, References: 1

Fedora
added 2015/09/25 8:54 a.m., 10 views

[SECURITY] Fedora 23 Update: php-ZendFramework2-2.4.8-1.fc23

Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...

AI score: 7.6
Exploits: 0

0day.today
added 2015/09/22 12:00 a.m., 51 views

nevisAuth Authentication Bypass Vulnerability

nevisAuth versions since 4.13.0.0 2012-11-21 and prior to 4.18.3.1 2015-07-02 suffer from an authentication bypass vulnerability. Product: nevisAuth 1 Vendor: AdNovum 2 CVD ID: CVE-2015-5372 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Authors: Antoine Neuenschwander...

CVSS: 5, AI score: 6.9, EPSS: 0.00871
Exploits: 1

Citrix
added 2015/09/22 12:00 a.m., 5 views

How to Bind Certificates to Citrix Gateway Virtual Server

Refer to Citrix Documentation for detailed instructions - To bind the certificate and private key to a virtual server...

AI score: 7.1
Exploits: 0

Fedora
added 2015/08/27 11:52 p.m., 36 views

[SECURITY] Fedora 21 Update: php-ZendFramework2-2.4.7-1.fc21

Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...

CVSS: 6.8, AI score: 8.8, EPSS: 0.09911
Exploits: 7

Tenable Nessus
added 2015/08/04 12:00 a.m., 19 views

Scientific Linux Security Update : net-snmp on SL6.x i386/x86_64 (20150722)

A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the '-OQ' option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash. CVE-2014-3565 This update...

CVSS: 5, AI score: 7.1, EPSS: 0.04619
Exploits: 1, References: 2

RedHat Linux
added 2015/07/20 2:07 p.m., 31 views

Moderate: Red Hat Security Advisory: net-snmp security and bug fix update

Updated net-snmp packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...

CVSS: 5, AI score: 6.8, EPSS: 0.04619
Exploits: 1, References: 17

RedHat Linux
added 2015/06/17 9:05 p.m., 1 view

cups: cross-site scripting flaw in CUPS web UI (VU#810572)

A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface...

CVSS: 4.3, AI score: 7, EPSS: 0.07297
Exploits: 5, References: 4

Fedora
added 2015/05/26 3:49 a.m., 9 views

[SECURITY] Fedora 22 Update: php-ZendFramework2-2.3.8-1.fc22

Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...

AI score: 7.6
Exploits: 0

Fedora
added 2015/05/19 4:26 p.m., 15 views

[SECURITY] Fedora 21 Update: php-ZendFramework2-2.3.8-1.fc21

Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...

AI score: 7.6
Exploits: 0