Samsung fimg2d - FIMG2D_BITBLT_BLIT ioctl Concurrency Flaw

Source: https://code.google.com/p/google-security-research/issues/detail?id=492 The Samsung Graphics 2D driver /dev/fimg2d is accessible by unprivileged users/applications. It was found that the ioctl implementation for this driver contains a locking error which can lead to memory errors such as...

DEBIAN-CVE-2015-7298

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle MITM attacks by leveraging a server using a self-signed...

UBUNTU-CVE-2015-7298

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle MITM attacks by leveraging a server using a self-signed...

DEBIAN-CVE-2015-4456

ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a...

CVE-2015-7298

CVE-2015-7298 affects the ownCloud Desktop Client prior to 2.0.1 when built with a Qt release after 5.3.x. The issue is that the client does not call QNetworkReply::ignoreSslErrors with the list of errors to ignore, which can enable remote attackers to perform MITM attacks against servers using s...

CVE-2015-7298

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle MITM attacks by leveraging a server using a self-signed...

The vulnerability of the Mac OS X operating system, which allows a hacker to trigger a service failure

The vulnerability of debugging interfaces in the kernel of the Mac OS X operating system is related to errors in the code. Exploiting this vulnerability can allow a local attacker to cause a service failure...

The vulnerability of the Mac OS X operating system, which allows a hacker to compromise security of information.

The vulnerability of the TLS protocol implementation in the Mac OS X operating system is related to errors in the key exchange process. Exploiting this vulnerability can allow a malicious actor to compromise information security remotely...

The vulnerability of the Android operating system, which allows a hacker to trigger a service failure

The vulnerability of the Android operating system’s mediaserver component is related to errors in the code. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of the Mac OS X operating system allows a perpetrator to gain access to the security button’s controls.

The vulnerability of the Apple Online Store Kit’s operating system Mac OS X is related to errors in the process of checking the security key and the associated permissions. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the control of the security...

The vulnerability of the Mac OS X operating system, which allows a hacker to modify the microprogramming software

The vulnerability of the EFI component in the Mac OS X operating system is related to errors in the code. Exploiting this vulnerability allows an intruder to modify the microprogramming software using a third-party storage device connected to the Thunderbolt interface...

The vulnerability of the Android operating system, which allows a hacker to trigger a service failure

The vulnerability of the Android operating system’s mediaserver component is related to errors in the code. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of the Mac OS X operating system, which allows a hacker to trigger a service failure

The vulnerability of the EFI component in the Mac OS X operating system is related to errors in specifying the range of protected registers. Exploiting this vulnerability can allow a malicious actor to trigger a service failure through a specially crafted application...

Adobe Acrobat <= 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-24) (Mac OS X)

The version of Adobe Acrobat installed on the remote Mac OS X host is version 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 or earlier. It is, therefore, affected by multiple vulnerabilities : - A buffer overflow condition exists that allows an attacker to disclose information. CVE-2015-669...

Adobe Reader <= 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-24) (Mac OS X)

The version of Adobe Reader installed on the remote Mac OS X host is version 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 or earlier. It is, therefore, affected by multiple vulnerabilities : - A buffer overflow condition exists that allows an attacker to disclose information. CVE-2015-6692...

Adobe Acrobat < 10.1.16 / 11.0.13 / 2015.006.30094 / 2015.009.20069 Multiple Vulnerabilities (APSB15-24)

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 10.1.16, 11.0.13, 2015.006.30094, or 2015.009.20069. It is, therefore, affected by multiple vulnerabilities. - The ANAuthenticateResource method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before...

Cross site scripting

Cross-site scripting XSS vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors...

CVE-2015-7365

Cross-site scripting XSS vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors...

Microsoft Windows Excel Viewer Remote Code Execution Vulnerabilities (3096440)

This host is missing an important security update according to Microsoft Bulletin MS15-110. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Google Chrome < 46.0.2490.71 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 46.0.2490.71. It is, therefore, affected by multiple vulnerabilities : - A same-origin bypass vulnerability exists in Blink that allows an attacker to bypass the same-origin policy. CVE-2015-6755 - A use-after-free erro...