Authentication flaw

WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets CSS document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

Design/Logic Flaw

The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element...

CVE-2015-5788

The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element...

CVE-2015-5826

WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets CSS document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

CVE-2015-5788

The CVE-2015-5788 entry describes a flaw in WebKit Canvas handling on iOS prior to version 9 that allows remote attackers to bypass the same-origin policy and read sensitive image data via CANVAS-related vectors. The vulnerability affects the WebKit Canvas implementation and arises from insuffici...

CVE-2015-5826

CVE-2015-5826 affects WebKit on iOS prior to 9. The issue arises when cross-origin stylesheets are loaded with non-CSS MIME types, enabling cross-origin data exfiltration and bypass of same-origin policies. Public docs confirm the CVE is tied to Safari/WebKit and was addressed in iOS 9/Safari 9 u...

CVE-2015-5827

WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a 1 custom event, 2 message event, or 3 pop state event...

CVE-2015-5827

Technical details for CVE-2015-5827 are not publicly provided in the connected documents. The included sources reference the vulnerability but do not disclose affected versions, root cause, exploit specifics, or fixes within this dataset. Monitor for updates.

CVE-2015-5788

The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element...

UBUNTU-CVE-2015-5788

The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element...

[USN-2735-1] Oxide vulnerabilities

========================================================================== Ubuntu Security Notice USN-2735-1 September 08, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

Adobe AIR < 18.0.0.180 Multiple Vulnerabilities (APSB15-16)

Binary data 8858.prm...

ASUS RT-N16 - Text-plain Admin Password Disclosure

Description ----------- Several ASUS routers include reflected Cross-Site Scripting CWE-79 and authentication bypass CWE-592 vulnerabilities. An attacker who can lure a victim to browse to a web site containing a specially crafted JavaScript payload can execute arbitrary commands on the router as...

Microsoft Exchange Server information Disclosure Vulnerability (3089250)

This host is missing an important security update according to Microsoft Bulletin MS15-103. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

Ubuntu: Security Advisory (USN-2735-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox < 40.0 Multiple Vulnerabilities

Binary data 8856.prm...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2735-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2735-1 advisory. It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked in to opening a specially crafted...

USN-2735-1 oxide-qt vulnerabilities

It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. CVE-2015-1291 An issue was...

USN-2735-1: Oxide vulnerabilities

It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. CVE-2015-1291 An issue was...

MGASA-2015-0342 Updated iceape packages fix security vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service memory corruption and application crash or possibly...