9137 matches found
CVE-2015-6774
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that...
CVE-2015-6772
CVE-2015-6772 refers to a flaw in Blink used by Google Chrome before 47.0.2526.73, where the DOM implementation did not prevent javascript: URL navigation while a document was detached. This enables bypass of the Same Origin Policy through crafted JavaScript interactions with a plugin. The issue ...
CVE-2015-6786
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a pattern, which allows remote attackers to bypass intended scheme...
CVE-2015-6774
CVE-2015-6774 is a use-after-free in the Chrome/Chromium Extensions bindings. A crafted JavaScript payload in renderer/loadtimes_extension_bindings.cc (GetLoadTimes) can trigger a crash or potentially broader impact, leading to a denial of service and unspecified effects. Affected product: Google...
CVE-2015-6777
Removed by vendor...
CVE-2015-6772
Removed by vendor...
CVE-2015-6766
Removed by vendor...
CVE-2015-3193
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key...
CVE-2015-6770
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768...
CentOS 7 : rest (CESA-2015:2237)
Updated rest packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CV...
DSA-3410-1 icedove - security update
Bulletin has no description...
Debian DSA-3405-1 : smokeping - security update
Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests.
OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883...
RHEL 7 : rest (RHSA-2015:2237)
Updated rest packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CV...
RHEL 7 : kernel (RHSA-2015:2152)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:2152 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file...
Low: Red Hat Security Advisory: rest security update
Updated rest packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CV...
CVE-2015-8023
The CVE-2015-8023 entry concerns strongSwan’s EAP-MSCHAPv2 server in the eap-mschapv2 plugin. A flaw in validating local state allows remote attackers to bypass authentication by sending an empty Success message in response to an initial Challenge. Affected range is strongSwan 4.2.12–5.x before 5...
Design/Logic Flaw
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922...
DLA-340-1 krb5 - security update
Bulletin has no description...