542 matches found
CVE-2016-5132
Removed by vendor...
CVE-2016-5132
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...
UBUNTU-CVE-2016-5132
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...
CVE-2016-5132
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...
The vulnerability of Cisco Nexus 7000 software allows a malicious individual to increase their privileges.
The vulnerability in Cisco NX-OS devices of the Nexus 7000 series – where multiple virtual device contexts VDC are enabled, along with local authentication – allows remote users who have passed authentication to elevate their privileges within an unplanned VDC environment, by using SSH sessions a...
The vulnerabilities in iOS and Mac OS X operating systems allow attackers to trigger service failures or execute arbitrary code in privileged contexts.
The vulnerability of the IOHIDFamily component in iOS and Mac OS X operating systems arises due to buffer overflows. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in privileged context or cause a service failure memory corruption through a specially created...
libgd 2.1.1 Signedness
Overview ======== libgd 1 is an open-source image library. It is perhaps primarily used by the PHP project. It has been bundled with the default installation of PHP since version 4.3 2. A signedness vulnerability CVE-2016-3074 exist in libgd 2.1.1 which may result in a heap overflow when processi...
The vulnerabilities in iOS and Mac OS X operating systems allow attackers to trigger service failures or execute arbitrary code in privileged contexts.
The vulnerability of the IOKit component in SCSI operating systems for iOS and Mac OS X is related to pointer assignment errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in privileged contexts or cause service failures through an application that provides a...
Microsoft Windows Kernel - Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115)
Source: https://code.google.com/p/google-security-research/issues/detail?id=505 The attached testcase triggers a use-after-free condition in win32k. The attached debugger output was triggered on Windows 7 with Special Pool enabled on win32k.sys. --- Proof of Concept:...
Microsoft Windows Kernel - Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115)
Microsoft Windows Kernel - Device Contexts and NtGdiSelectBitmap Use-After-Free MS15-115 Source: https://code.google.com/p/google-security-research/issues/detail?id=505 The attached testcase triggers a use-after-free condition in win32k. The attached debugger output was triggered on Windows 7 wit...
Moodle Cross-Site Request Forgery Vulnerability (CNVD-2015-07726)
Moodle is a free, open source e-learning software platform. Moodle suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and can target user contexts to perform malicious actions...
Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Source: https://code.google.com/p/google-security-research/issues/detail?id=433 --- The attached PoC demonstrates a UAF condition with printer device contexts. The PoC will trigger on Win 7 32-bit with Special Pool enabled. --- Proof of Concept:...
Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts MS15-097 Source: https://code.google.com/p/google-security-research/issues/detail?id=433 --- The attached PoC demonstrates a UAF condition with printer device contexts. The PoC will trigger on Win 7 32-bit with Special Pool...
[SECURITY] Fedora 21 Update: drupal6-ctools-1.14-1.fc21
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...
[SECURITY] Fedora 23 Update: drupal6-ctools-1.14-1.fc23
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...
Cisco Nexus 7000 Device Local Elevation of Privilege Vulnerability
The Cisco Nexus 7000 Series switches help create the network infrastructure platform needed for next-generation unified array data centers. Multiple elevation of privilege vulnerabilities exist in the Python scripting subsystem on Cisco Nexus 7000 devices configured with multiple VDCs, which can ...
USN-2581-1 network-manager vulnerability
Tavis Ormandy discovered that NetworkManager incorrectly filtered paths when requested to read modem device contexts. A local attacker could possibly use this issue to bypass privileges and manipulate modem device configuration or read arbitrary files...
UBUNTU-CVE-2015-1322
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu vivid before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a...
[SECURITY] Fedora 21 Update: drupal7-ctools-1.7-1.fc21
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...
[SECURITY] Fedora 20 Update: drupal7-ctools-1.7-1.fc20
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...