524 matches found
CVE-2016-3100
kinit in KDE Frameworks before 5.23.0 uses weak permissions 644 for /tmp/xauth-xxx-y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file...
CVE-2016-3100
KDE Frameworks components suffer from a local-privilege issue in kinit prior to v5.23.0: the directory /tmp/xauth-xxx-y is created with weak permissions (644), enabling local users to read X11 cookies of other users and potentially capture keystrokes or escalate privileges. Remediation: upgrade ...
Android - IOMX getConfig/getParameter Information Disclosure
Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=711 Android: Information Disclosure in IOMX getConfig/getParameter Platform: Verified on google/razor/flo:6.0.1/MMB29O/2459718:user/release-keys Class: Information Disclosure...
Android operating system vulnerability that allows an attacker to obtain confidential information or bypass security mechanisms
The vulnerability of the Android operating system’s Native Frameworks library relates to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to obtain confidential information or bypass security mechanisms...
Android Native Frameworks Library Information Disclosure Vulnerability
Android is a mobile phone operating system based on the open-source Linux kernel. A security vulnerability exists in the implementation of the Native Frameworks Library in Android versions prior to 5.1.1 LMY48Z and 6.0 2015-12-01, which can be exploited by remote attackers to obtain sensitive information...
CVE-2015-6622
The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka intern...
Design/Logic Flaw
The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka intern...
CVE-2015-6622
The CVE-2015-6622 issue affects the Android Native Frameworks Library in Android versions before 5.1.1 LMY48Z and 6.0 before 2015-12-01. It is described as an information-disclosure vulnerability that could allow attackers to obtain sensitive information and bypass certain protections, demonstrat...
Acunetix v10 - Web Application Security Testing Tool
Acunetix, the pioneer in automated web application security software, has announced the release of version 10 of its Vulnerability Scanner. New features are designed to prevent the risk of hacking for all customers; from small businesses up to large enterprises, including WordPress users, web...
Oracle Endeca Tools and Frameworks Script.action Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Tools and Frameworks. Authentication is required to exploit this vulnerability, but authentication is easily bypassed. This product installs a web application called Oracle Endeca...
Apple OS X GateKeeper Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Gatekeeper. The issue...
[SECURITY] Fedora 20 Update: perl-Plack-1.0031-1.fc20
Plack is a set of tools for using the PSGI stack. It contains middleware components, a reference server and utilities for Web application frameworks. Plack is like Ruby's Rack or Python's Paste for WSGI...
Fedora 19 : v8-3.14.5.10-11.fc19 (2014-9113)
TJ Fontaine of the Node.js project reports: A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an...
[Watcher] passive Web-security scanner
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...
Fedora Update for rubygem-rack FEDORA-2013-2315
Check for the Version of rubygem-rack. OpenVAS Vulnerability Test. Fedora Update for rubygem-rack FEDORA-2013-2315. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
[SECURITY] Fedora 18 Update: rubygem-rack-1.4.0-5.fc18
Rack provides a common API for connecting web frameworks, web servers and layers of software in between...
[SECURITY] Fedora 17 Update: rubygem-rack-1.4.0-4.fc17
Rack provides a common API for connecting web frameworks, web servers and layers of software in between...