Lucene search

8275 matches found

Kitploit
added 2017/10/30 9:09 p.m. | 139 views

Lynis 2.5.7 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

AI score: 9
Exploits: 0
OSV
added 2017/10/27 5:29 a.m. | 3 views

CVE-2017-5092

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.01427
Exploits: 0 | References: 6
NVD
added 2017/10/27 5:29 a.m. | 17 views

CVE-2017-5092

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.01427
Exploits: 0 | References: 6
NVD
added 2017/10/27 5:29 a.m. | 11 views

CVE-2017-5099

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.01474
Exploits: 0 | References: 6
UbuntuCve
added 2017/10/27 5:29 a.m. | 20 views

CVE-2017-5099

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.01474
Exploits: 0 | References: 2
Prion
added 2017/10/27 5:29 a.m. | 13 views

Input validation

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page...

CVSS: 6.8 | AI score: 8.1 | EPSS: 0.01474
Exploits: 0 | References: 6 | Affected Software: 2
Prion
added 2017/10/27 5:29 a.m. | 18 views

Input validation

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

CVSS: 6.8 | AI score: 8.2 | EPSS: 0.01427
Exploits: 0 | References: 6 | Affected Software: 2
OSV
added 2017/10/27 5:29 a.m. | 1 view

UBUNTU-CVE-2017-5092

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.01427
Exploits: 0 | References: 3
Cvelist
added 2017/10/27 5:00 a.m. | 23 views

CVE-2017-5092

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

AI score: 8.3 | EPSS: 0.01427
Exploits: 0 | References: 6
Cvelist
added 2017/10/27 5:00 a.m. | 17 views

CVE-2017-5099

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page...

AI score: 8.2 | EPSS: 0.01474
Exploits: 0 | References: 6
CVE
added 2017/10/27 5:00 a.m. | 113 views

CVE-2017-5092

CVE-2017-5092 affects Google Chrome on Windows where PPAPI Plugins failed to validate untrusted input, enabling a remote attacker to potentially escape the sandbox through a crafted HTML page. The root cause is insufficient input validation in PPAPI Plugins, leading to sandbox escape. Affected ve...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.01427
Exploits: 0 | References: 6 | Affected Software: 1
CVE
added 2017/10/27 5:00 a.m. | 80 views

CVE-2017-5099

Google Chrome for Mac PPAPI Plugins were vulnerable due to insufficient validation of untrusted input, enabling privilege elevation via a crafted HTML page. Affected component: PPAPI Plugins in Chrome on macOS; root cause: input validation failure; impact: remote privilege elevation with user int...

CVSS: 8.8 | AI score: 8 | EPSS: 0.01474
Exploits: 0 | References: 6 | Affected Software: 1
Debian CVE
added 2017/10/27 5:00 a.m. | 20 views

CVE-2017-5092

Removed by vendor...

CVSS: 8.8 | AI score: 9.3 | EPSS: 0.01427
Exploits: 0
UbuntuCve
added 2017/10/26 6:29 p.m. | 21 views

CVE-2017-15922

In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.01313
Exploits: 1 | References: 3
NVD
added 2017/10/26 6:29 p.m. | 13 views

CVE-2017-15922

In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.01313
Exploits: 1 | References: 3
Debian CVE
added 2017/10/26 6:00 p.m. | 21 views

CVE-2017-15922

In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.01313
Exploits: 1
GitLab Advisory Database
added 2017/10/24 12:00 a.m. | 31 views

Cross-Site Request Forgery (CSRF)

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that...

CVSS: 6.8 | AI score: 6.9 | EPSS: 0.01407
Exploits: 1 | References: 13 | Affected Software: 1
RubySec
added 2017/10/24 12:00 a.m. | 37 views

CSRF Protection Bypass in Ruby on Rails

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that...

CVSS: 6.8 | AI score: 6.3 | EPSS: 0.01589
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2017/10/18 9:29 p.m. | 18 views

Null pointer dereference

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c...

CVSS: 5 | AI score: 7.5 | EPSS: 0.02094
Exploits: 1 | References: 4 | Affected Software: 1
UbuntuCve
added 2017/10/18 9:29 p.m. | 20 views

CVE-2017-15601

In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01648
Exploits: 1 | References: 4