137 matches found
VulnCheck KEV: CVE-2013-1670
The Chrome Object Wrapper COW implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote...
OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...
OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...
OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...
Arbitrary Script Injection
Overview Affected versions of this package are vulnerable to Arbitrary Script Injection due to improper sanitization of the $event object passed to the native constructor functions. That isn't protected by the fast paths in $parse. Remediation Upgrade angularjs to version 1.1.5 or higher...
CentOS Update for firefox CESA-2013:0820 centos6
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2013:0820 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Ubuntu: Security Advisory (USN-1822-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla: Privileged access for content level constructor (MFSA 2013-42)
The Chrome Object Wrapper COW implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attacker...
Mozilla: Privileged access for content level constructor (MFSA 2013-42)
The Chrome Object Wrapper COW implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attacker...
Cross domain access to object constructors can be used to facilitate cross-site scripting
JavaScripts are able to redefine and override the methods of native objects. They may also do this with the native objects of any document that shares the same origin. By redefining the methods of another document through the constructor property of the document's host objects, a malicious script...
Cross domain access to object constructors can be used to facilitate cross-site scripting – Opera Security Advisories
JavaScripts are able to redefine and override the methods of native objects. They may also do this with the native objects of any document that shares the same origin. By redefining the methods of another document through the constructor property of the document’s host objects, a malicious script...
Oracle Releases Fix For Java CVE-2012-4681 Flaw
Oracle on Thursday released a new version of Java that included a fix for the CVE-2012-4681 vulnerability that has been used in limited targeted attacks in the last couple of weeks. The release of Java 7 update 7 comes about four days after the Java flaw was publicly disclosed, but several months...
RedHat Update for glibc RHSA-2012:0393-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS 6 : glibc (CESA-2012:0393)
Updated glibc packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
DEBIAN-CVE-2009-1720
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to 1 the Imf::PreviewImage::PreviewImage function and...
CVE-2009-1720
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to 1 the Imf::PreviewImage::PreviewImage function and...
CVE-2000-1211
The CVE concerns Zope 2.2.0 through 2.2.4, where security registrations for legacy names of object constructors (e.g., DTML method objects) are not performed correctly. This could allow attackers to perform unauthorized activities due to improper access control on constructor names. The issue is ...