10273 matches found

BDU FSTEC
added 2015/11/20 12:0 a.m., 2 views

Vulnerability in the WildFly application server and the JBoss Enterprise Application Platform that allows an attacker to authenticate as an administrator

The vulnerability in the Java server consoles of WildFly and the JBoss Enterprise Application Platform involves cross-site request forgery. Exploiting it allows a malicious actor to bypass authentication as the administrator when the administrator performs any actions...

CVSS 6.8 | AI score 7.6 | EPSS 0.00331
Exploits 0 | References 14 | Affected Software 1

RedHat Linux
added 2015/11/19 7:56 p.m., 3 views

kernel: crypto api unprivileged arbitrary module load via request_module()

A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel...

CVSS 2.1 | AI score 6.6 | EPSS 0.00044
Exploits 1 | References 4

RedHat Linux
added 2015/11/19 6:24 a.m., 3 views

kernel: crypto api unprivileged arbitrary module load via request_module()

A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel...

CVSS 2.1 | AI score 6.6 | EPSS 0.00044
Exploits 1 | References 4

ArchLinux
added 2015/11/13 12:0 a.m., 33 views

chromium: information leakage

The PDF viewer does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and outofprocessinstance.cc...

CVSS 7.5 | AI score 4.5 | EPSS 0.01229
Exploits 0 | References 3

UbuntuCve
added 2015/11/11 11:59 a.m., 26 views

CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and outofprocessinstance.cc...

CVSS 7.5 | AI score 7.2 | EPSS 0.01229
Exploits 0 | References 2

Cvelist
added 2015/11/11 11:0 a.m., 20 views

CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and outofprocessinstance.cc...

AI score 8.9 | EPSS 0.01229
Exploits 0 | References 10

RedhatCVE
added 2015/10/30 10:34 a.m., 20 views

CVE-2014-3714

The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service crash via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow...

CVSS 3.3 | AI score 6.6 | EPSS 0.00183
Exploits 0 | References 2

Tenable Nessus
added 2015/10/26 12:0 a.m., 40 views

Debian DSA-3378-1 : gdk-pixbuf - security update

Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-7673 Gustavo Grieco discovered a heap overflow in the processing of TGA images whi...

CVSS 6.8 | AI score 8.2 | EPSS 0.02374
Exploits 0 | References 7

Debian
added 2015/10/24 8:44 p.m., 31 views

[SECURITY] [DSA 3378-1] gdk-pixbuf security update

Debian Security Advisory DSA-3378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 24, 2015 https://www.debian.org/security/faq -...

CVSS 6.8 | AI score 8.6 | EPSS 0.02374
Exploits 0

OpenVAS
added 2015/10/24 12:0 a.m., 36 views

Debian Security Advisory DSA 3378-1 (gdk-pixbuf - security update)

Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7673 Gustavo Grieco discovered a heap overflow in the processing of TGA images which...

CVSS 6.8 | AI score 0.3 | EPSS 0.02374
Exploits 0 | References 1

OSV
added 2015/10/24 12:0 a.m., 30 views

DSA-3378-1 gdk-pixbuf - security update

Bulletin has no description...

CVSS 6.8 | AI score 7.6 | EPSS 0.02374
Exploits 0

OpenVAS
added 2015/10/23 12:0 a.m., 30 views

Debian: Security Advisory (DSA-3378-1)

The remote host is missing an update for the Debian...

CVSS 6.8 | AI score 7.6 | EPSS 0.02374
Exploits 0 | References 3

Tenable Nessus
added 2015/10/15 12:0 a.m., 20 views

Apple iOS < 9.0 Multiple Vulnerabilities

Binary data 8979.prm...

CVSS 10 | AI score 7.3 | EPSS 0.41904
Exploits 7 | References 104

CNVD
added 2015/10/15 12:0 a.m., 1 views

Microsoft Edge Memory Object Handling Information Disclosure Vulnerability

Microsoft Edge is one of the latest web browsers. A security vulnerability exists in the way Microsoft Edge handles objects in memory. It allows a remote attacker who tricks a user into loading a specially crafted web page to obtain partial memory information about the target...

CVSS 5 | AI score 6.3 | EPSS 0.18493
Exploits 0 | References 1

OSV
added 2015/10/15 12:0 a.m., 0 views

UBUNTU-CVE-2015-6762

The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows...

CVSS 7.5 | AI score 7.3 | EPSS 0.00699
Exploits 0 | References 7

securityvulns
added 2015/10/12 12:0 a.m., 75 views

Cisco AnyConnect elevation of privileges via DLL side loading

Cisco AnyConnect elevation of privileges via DLL side loading. Yorick Koster, June 2015...

CVSS 7.2 | AI score 3.3 | EPSS 0.0264
Exploits 3

OSV
added 2015/10/05 9:31 a.m., 7 views

SUSE-SU-2015:1889-1 Security update for ruby19

ruby19 was updated to fix two security issues. The following vulnerabilities were fixed: CVE-2015-1855: Ruby OpenSSL hostname verification was too permissive bsc926974. CVE-2009-5147: DL::dlopen could have loaded a library with tainted library name even if $SAFE 0 bsc939860...

CVSS 7.5 | AI score 6.2 | EPSS 0.56223
Exploits 0 | References 5

securityvulns
added 2015/10/05 12:0 a.m., 128 views

APPLE-SA-2015-09-16-3 iTunes 12.3

APPLE-SA-2015-09-16-3 iTunes 12.3 iTunes 12.3 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: Applications that use CoreText may be vulnerable to unexpected application termination or arbitrary code execution Description: Multiple memory corruption...

CVSS 9.3 | AI score 0.6 | EPSS 0.39225
Exploits 5

Tenable Nessus
added 2015/10/02 12:0 a.m., 32 views

Mac OS X : Apple Safari < 9.0 Multiple Vulnerabilities

The version of Apple Safari installed on the remote Mac OS X host is prior to 9.0. It is, therefore, affected by multiple vulnerabilities in the following components : - Safari - Safari Downloads - Safari Extensions - Safari Safe Browsing - WebKit - WebKit CSS - WebKit JavaScript Bindings - WebKi...

CVSS 10 | AI score 6.7 | EPSS 0.01538
Exploits 0 | References 46

NVD
added 2015/10/01 12:59 a.m., 18 views

CVE-2015-3844

The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of the Settings...

CVSS 6.8 | AI score 6.3 | EPSS 0.00107
Exploits 0 | References 2