
9137 matches found

CVE
added 2015/10/14 11:0 p.m. | 66 views

CVE-2015-6704

Technical details for CVE-2015-6704 are not provided in the connected documents. Public information is limited to listing the vulnerability and affected products in the initial description; no patch/version or exploit data is included. Monitor for updates.

CVSS 4.3 | AI score 5.7 | EPSS 0.03836
Exploits: 0 | References: 3 | Affected Software: 4
Zero Day Initiative
added 2015/10/13 12:0 a.m. | 33 views

Adobe Acrobat Pro DC Color Object Address Disclosure Vulnerability

This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...

CVSS 6.8 | AI score 5.9 | EPSS 0.04449
Exploits: 0 | References: 1
NVD
added 2015/10/09 5:59 a.m. | 20 views

CVE-2015-5894

The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked...

CVSS 4.3 | AI score 5 | EPSS 0.008
Exploits: 0 | References: 4
Prion
added 2015/10/09 5:59 a.m. | 15 views

Information disclosure

The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors...

CVSS 2.1 | AI score 6 | EPSS 0.00371
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2015/10/09 1:0 a.m. | 54 views

CVE-2015-5849

The CVE-2015-5849 issue affects Apple OS X (pre-10.11) where the AppleEvents filtering implementation mishandles attempts to send events to a different user. This allows a local user, connected via a screen-sharing session, to bypass intended access restrictions by delivering AppleEvents to anoth...

CVSS 6.8 | AI score 5.9 | EPSS 0.0166
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2015/10/09 1:0 a.m. | 64 views

CVE-2015-5917

CVE-2015-5917 affects Apple OS X via tnftpd (formerly Lukemftpd). The glob processing vulnerability in tnftpd can cause memory consumption and daemon outage (DoS) when handling a STAT command containing crafted {..,..,..}/* patterns, affecting OS X versions prior to 10.11. Connected sources corro...

CVSS 5 | AI score 6.3 | EPSS 0.0273
Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
added 2015/10/09 1:0 a.m. | 27 views

CVE-2015-5917

The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring...

AI score 6.2 | EPSS 0.0273
Exploits: 1 | References: 6
CVE
added 2015/10/09 1:0 a.m. | 50 views

CVE-2015-5891

CVE-2015-5891 affects the SMB implementation in the Apple OS X kernel prior to 10.11. It allows local users to gain privileges or cause a denial of service via memory corruption (unspecified vectors). Base score 7.2 (HIGH). No exploitation status or detailed fix provided in the connected documents.

CVSS 7.2 | AI score 6.1 | EPSS 0.00361
Exploits: 0 | References: 4 | Affected Software: 1
myhack58
added 2015/10/08 12:0 a.m. | 1063 views

Remote code execution via PHP deserialization - vulnerability warning - the black bar safety net

At NotSoSecure, we conduct penetration testing or code review, but recently we came across an interesting piece of PHP code that could lead to a remote code execution (RCE) vulnerability, though exploiting it was a bit tricky. After a few sleepless nights trying to crack this code, we are convinc...

AI score 0.9
Exploits: 0
BDU FSTEC
added 2015/10/06 12:0 a.m. | 3 views

Vulnerability in the Firefox browser that allows an attacker to cause a denial of service or execute arbitrary code

The vulnerability in the JavaScript implementation of the Firefox browser is related to errors in the code. Exploiting this vulnerability can allow a malicious actor to cause a denial of service or execute arbitrary code when the Debugger API is enabled...

CVSS 5.1 | AI score 8.2 | EPSS 0.03211
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2015/10/06 12:0 a.m. | 35 views

openSUSE Security Update : seamonkey (openSUSE-2015-632)

seamonkey was updated to fix 25 security issues. These security issues were fixed: - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval o...

CVSS 9.3 | AI score 9.3 | EPSS 0.0608
Exploits: 0 | References: 27
UbuntuCve
added 2015/10/02 12:0 a.m. | 32 views

CVE-2015-7613

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c...

CVSS 6.9 | AI score 6.7 | EPSS 0.00412
Exploits: 1 | References: 9
Into the symmetry
added 2015/09/30 7:12 p.m. | 186 views

Apple Safari URI spoofing (CVE-2015-5764)

tl;dr: Apple Safari for OS X was prone to a URI spoofing vulnerability and, more generally, to user interface spoofing. Apple released security updates for Safari 9 on OS X and assigned CVE-2015-5764. Accidentally this vulnerability was also present in iOS. Instant demo: in Safari up to 8.0.8: go to clic...

CVSS 4.3 | AI score 6 | EPSS 0.0252
Exploits: 0
Cvelist
added 2015/09/28 4:0 p.m. | 18 views

CVE-2015-5372

The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML...

AI score 6.6 | EPSS 0.00871
Exploits: 1 | References: 5
Tenable Nessus
added 2015/09/25 12:0 a.m. | 56 views

Google Chrome < 43.0.2357.134 Multiple RCE Vulnerabilities


CVSS 10 | AI score 9.8 | EPSS 0.93688
Exploits: 5 | References: 2
Cvelist
added 2015/09/24 1:0 a.m. | 27 views

CVE-2015-4507

The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site...

AI score 7.5 | EPSS 0.03211
Exploits: 0 | References: 11
OSV
added 2015/09/23 12:0 a.m. | 15 views

DSA-3365-1 iceweasel - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.4 | EPSS 0.0608
Exploits: 0
Prion
added 2015/09/18 10:59 a.m. | 21 views

Design/Logic Flaw

The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors...

CVSS 5 | AI score 6.1 | EPSS 0.02193
Exploits: 0 | References: 6 | Affected Software: 2
UbuntuCve
added 2015/09/18 10:59 a.m. | 25 views

CVE-2015-3801

The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors...

CVSS 5 | AI score 6 | EPSS 0.02193
Exploits: 0 | References: 3
Cvelist
added 2015/09/18 10:0 a.m. | 21 views

CVE-2015-5869

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hoplimit value in a Router Advertisement (RA) message...

AI score 5.7 | EPSS 0.00913
Exploits: 0 | References: 9