7668 matches found

BDU FSTEC
added 2016/03/31 12:00 a.m. | 0 views

Vulnerability in the Ruby on Rails software platform allowing attackers to bypass existing access control policies

The vulnerability in the nested_attributes.rb file of the activerecord/lib/active_record module in the Ruby on Rails software framework is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to bypass existing access restrictions by using nested attributes ...

CVSS 5 | EPSS 0.01209
Exploits 0 | References 3 | Affected Software 1
CNVD
added 2016/03/17 12:00 a.m. | 1 view

SPIP code injection vulnerability

SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A code injection vulnerability exists in SPIP. An attacker can exploit this vulnerability to inject arbitrary objects with the help of deserialization of untrustworthy content...

CVSS 9.8 | AI score 7.7 | EPSS 0.01459
Exploits 0 | References 1
Hacker One
added 2016/03/15 12:11 a.m. | 22 views

Internet Bug Bounty: Use after free with assign by ref to overloaded objects

Reported: 2015-07-15 16:30 UTC
Fixed: 2015-07-21 14:20 UTC
Bug Report: https://bugs.php.net/bug.php?id=70083
Fixed in PHP 5.6: http://git.php.net/?p=php-src.git;a=commitdiff;h=f57cb13c566613eec0e1c2f6d96d18565436a9b7
Fixed in 7: ...

AI score 7
Exploits 0
OpenVAS
added 2016/03/03 12:00 a.m. | 33 views

Squid Multiple DoS Vulnerabilities (SQUID-2016:2) - Windows

Squid is prone to multiple denial of service (DoS) vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = ...

CVSS 7.5 | AI score 7.7 | EPSS 0.70316
Exploits 0 | References 4
n0where
added 2016/02/29 6:17 p.m. | 40 views

Analyzing Linux Malware Sandbox: Limon

Limon is a sandbox developed as a research project, written in Python, which automatically collects, analyzes, and reports on the run-time indicators of Linux malware. It allows one to inspect Linux malware before execution, during execution, and after execution (post-mortem analysis) by...

AI score 7.6
Exploits 0 | References 2
Fedora
added 2016/02/28 12:28 p.m. | 32 views

[SECURITY] Fedora 23 Update: rubygem-activerecord-4.2.3-2.fc23

Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

CVSS 5.3 | AI score 1.4 | EPSS 0.02328
Exploits 0
Fedora
added 2016/02/28 8:30 a.m. | 31 views

[SECURITY] Fedora 22 Update: rubygem-activerecord-4.2.0-2.fc22

Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

CVSS 5.3 | AI score 1.4 | EPSS 0.02328
Exploits 0
BDU FSTEC
added 2016/02/24 12:00 a.m. | 0 views

Vulnerabilities in the Google Chrome browser that allow an attacker to cause a denial of service or other effects

Multiple vulnerabilities in the Google Chrome browser implementation are related to the use of memory after it is freed (use-after-free). Exploiting these vulnerabilities could allow a malicious actor to cause a denial of service or potentially have other effects through a specially crafted PDF document, which i...

CVSS 6.8 | EPSS 0.0087
Exploits 0 | References 5 | Affected Software 1
CNVD
added 2016/02/23 12:00 a.m. | 1 view

HP Continuous Delivery Automation Arbitrary Command Execution Vulnerability

HP Continuous Delivery Automation is a suite of solutions for automating the deployment of multi-tier applications. A security vulnerability in HP Continuous Delivery Automation allows remote attackers to execute arbitrary commands using specially crafted serialized Java objects...

CVSS 9.8 | AI score 7.7 | EPSS 0.01305
Exploits 0 | References 1
VulnCheck KEV
added 2016/02/23 12:00 a.m. | 1 view

VulnCheck KEV: CVE-2011-1255

The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted,...

CVSS 9.3 | AI score 6.2 | EPSS 0.52374
Exploits 5 | References 1
BDU FSTEC
added 2016/02/12 12:00 a.m. | 1 view

Vulnerability in the IBM Tivoli Common Reporting system, a centralized data collection and analysis tool, allows an intruder to execute arbitrary commands.

The vulnerability in the InvokerTransformer class of the Apache Commons Collections library, as used in the IBM Tivoli Common Reporting system (a centralized data collection and analysis tool), is related to improper control of code generation. Exploiting this vulnerability allows a malicious actor to...

CVSS 10 | EPSS 0.93274
Exploits 10 | References 9 | Affected Software 1
BDU FSTEC
added 2016/02/12 12:00 a.m. | 0 views

Vulnerability in the Mac OS X and iOS operating systems allowing attackers to read arbitrary files

The vulnerability in the Mac OS X and iOS operating systems is related to improper restriction of XML external entity references. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files using a specially crafted iBook file containing references to external XML...

CVSS 5 | EPSS 0.00529
Exploits 0 | References 5 | Affected Software 2
CNVD
added 2016/02/11 12:00 a.m. | 1 view

Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2016-01083)

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the kernel mode driver for Microsoft Windows, which arises from a program's failure to properly handle memory objects. A local attacker could exploit th...

CVSS 7.8 | AI score 7.2 | EPSS 0.00437
Exploits 0 | References 1
RedHat Linux
added 2016/02/09 8:56 p.m. | 4 views

openstack-swift: Proxy to server DoS through Large Objects

A memory-leak issue was found in OpenStack Object Storage (swift), in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...

CVSS 7.5 | AI score 5.7 | EPSS 0.05795
Exploits 0 | References 4
RedHat Linux
added 2016/02/09 8:56 p.m. | 3 views

openstack-swift: Client to proxy DoS through Large Objects

A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...

CVSS 7.5 | AI score 5.7 | EPSS 0.05795
Exploits 0 | References 4
Cvelist
added 2016/02/08 7:00 p.m. | 22 views

CVE-2016-2048

Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...

AI score 5.5 | EPSS 0.00142
Exploits 0 | References 3
RedHat Linux
added 2016/02/08 4:35 a.m. | 1 view

openstack-swift: Client to proxy DoS through Large Objects

A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...

CVSS 7.5 | AI score 5.7 | EPSS 0.05795
Exploits 0 | References 4
Tenable Nessus
added 2016/02/08 12:00 a.m. | 87 views

McAfee ePolicy Orchestrator Java Object Deserialization RCE

The McAfee ePolicy Orchestrator (ePO) installed on the remote Windows host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to...

CVSS 8.3 | AI score 8.9 | EPSS 0.02301
Exploits 0 | References 4
CNVD
added 2016/02/08 12:00 a.m. | 1 view

Google Kubernetes API Server Security Bypass Vulnerability

Google Kubernetes is an open source Docker container cluster management system. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. Google Kubernetes' API server failed to properly check admission control for...

CVSS 7.7 | AI score 9.2 | EPSS 0.00236
Exploits 0 | References 1
CNVD
added 2016/02/02 12:00 a.m. | 1 view

HPE Operations Manager Arbitrary Command Execution Vulnerability

HPE Operations Manager (OM) is a set of business-oriented, enterprise-class systems management software from Hewlett Packard Enterprise (HPE). The software provides system management, application management, event processing, business presentation and other functions. A security vulnerability exists ...

CVSS 10 | AI score 7.6 | EPSS 0.03233
Exploits 0 | References 1