CVE-2016-1706

CVE-2016-1706 concerns the Chrome/Chromium PPAPI sandbox escape: the PPAPI implementation did not validate the origin of IPC messages to the plugin broker that should have originated from the browser process, enabling a sandbox bypass via an unexpected message type. Affected product family: Googl...

Overflow in UEFI Variable Reclaim Function - Lenovo Support US

No description provided...

CVE-2016-5137

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy CSP implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs,...

WordPress Multiple Vulnerabilities (Jul 2016) - Windows

WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...

CVE-2016-3802

CVE-2016-3802: Privilege-escalation in the Android kernel file system (Nexus 9) due to a fault in the kernel file system implementation. Local attacker could gain privileges via a crafted app. Exploitation status not provided in the documents. The issue is listed in the 2016-07-01/07-05 Android s...

CVE-2015-8889

CVE-2015-8889 concerns the aboot implementation in Qualcomm components within Android on Nexus 6P devices, prior to the 2016-07-05 patch. The description notes that the recovery PIN feature is omitted, with impact and attack vectors listed as unspecified. Connected CNVD-2016-04846 and related CNV...

Free SSL tools have vulnerabilities hackers can get any domain name of the SSL certificate-vulnerability warning-the black bar safety net

! 0 0 0 0 The Dutch security companyCompuTestsecurity researcherThijs Alkemadein Israel the companyStarCom, poweredcreate publish freeSSLcertificate toolStartEncryptfound in a number of design and implementation defects. StarCom, powered by the Let's Encrypt project, inspired, in 6 on 4, launch...

The vulnerability of the Firefox browser, which allows a malicious actor to trigger a service failure

The Mozilla Firefox browser contains a vulnerability related to errors in class implementation. Exploiting this vulnerability allows a malicious actor to trigger a service failure for an application through the onbeforeunload event, causing JavaScript to run in the background...

The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to trigger a service failure

Mozilla SeaMonkey software contains a vulnerability related to class implementation errors. Exploiting this vulnerability allows a malicious actor to trigger a service failure in an application through the onbeforeunload event, causing JavaScript to run in the background...

phpMyAdmin Multiple Vulnerabilities (PMASA-2016-24, PMASA-2016-26, PMASA-2016-27, PMASA-2016-28) - Linux

phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

CVE-2016-5705

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 server-privileges certificate data fields on the user privileges page, 2 an "invalid JSON" error messa...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a crafted table name that is mishandled during privilege checking in...

CVE-2016-5705

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 server-privileges certificate data fields on the user privileges page, 2 an "invalid JSON" error messa...

Debian DSA-3607-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg...

[SECURITY] [DSA 3607-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3607-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 28, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3607-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3607-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 28, 2016 https://www.debian.org/security/faq -...

Ubuntu 16.04 LTS : Linux kernel (Qualcomm Snapdragon) vulnerabilities (USN-3016-3)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3016-3 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...

Ubuntu 12.04 LTS : linux vulnerabilities (USN-3021-1)

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service system crash. CVE-2016-3951 Kangji...

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-3020-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3020-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3018-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3018-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...