
6911 matches found

Debian
added 2015/07/24 12:29 p.m., 46 views

[SECURITY] [DSA 3315-1] chromium-browser security update

Debian Security Advisory DSA-3315-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 23, 2015 https://www.debian.org/security/faq ...

CVSS 9.8, AI score 10, EPSS 0.19069
Exploits: 3

CNVD
added 2015/07/24 12:0 a.m., 3 views

Google Chrome Blink Security Bypass Vulnerability (CNVD-2015-04885)

Blink is a browser layout (rendering) engine jointly developed by Google Inc. (United States) and Opera Software (Norway). A security vulnerability exists in Blink as used in versions of Google Chrome prior to 44.0.2403.89, which stems from the program failing to set th...

CVSS 4.3, AI score 8.9, EPSS 0.01466
Exploits: 0, References: 1

NVD
added 2015/07/23 12:59 a.m., 19 views

CVE-2015-1287

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related t...

CVSS 4.3, AI score 9, EPSS 0.01466
Exploits: 0, References: 9

Prion
added 2015/07/23 12:59 a.m., 20 views

Authentication flaw

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related t...

CVSS 4.3, AI score 6.5, EPSS 0.01466
Exploits: 0, References: 9, Affected Software: 7

Cvelist
added 2015/07/23 12:0 a.m., 24 views

CVE-2015-1287

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related t...

AI score 8.9, EPSS 0.01466
Exploits: 0, References: 9

OpenVAS
added 2015/07/23 12:0 a.m., 35 views

Debian Security Advisory DSA 3315-1 (chromium-browser - security update)

Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu. CVE-2015-1267 A way to bypass the Same Origin Policy was discovered. CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass...

CVSS 7.5, AI score 0.3, EPSS 0.19069
Exploits: 3, References: 1

Debian CVE
added 2015/07/23 12:0 a.m., 23 views

CVE-2015-1287

Removed by vendor...

CVSS 4.3, AI score 9.4, EPSS 0.01466
Exploits: 0

CVE
added 2015/07/23 12:0 a.m., 84 views

CVE-2015-1287

CVE-2015-1287 affects Blink (Chrome’s rendering engine) prior to Chrome 44.0.2403.89, where a quirks-mode exception allows CSS text/css to bypass content-type checks, enabling a remote attacker to bypass the Same-Origin Policy via a crafted site. The root cause is linked to CSSStyleSheetResource....

CVSS 4.3, AI score 8.7, EPSS 0.01466
Exploits: 0, References: 9, Affected Software: 1

UbuntuCve
added 2015/07/22 12:0 a.m., 30 views

CVE-2015-1287

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related t...

CVSS 4.3, AI score 7.2, EPSS 0.01466
Exploits: 0, References: 3

OpenVAS
added 2015/07/22 12:0 a.m., 27 views

Debian: Security Advisory (DSA-3315-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 8.5, EPSS 0.19069
Exploits: 3, References: 3

OSV
added 2015/07/22 12:0 a.m., 2 views

UBUNTU-CVE-2015-1287

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related t...

CVSS 4.3, AI score 7.3, EPSS 0.01466
Exploits: 0, References: 4

Check Point Advisories
added 2015/07/19 12:0 a.m., 3 views

Adobe Flash Player Same Origin Policy Bypass (APSB15-16: CVE-2015-3116; CVE-2015-3115)

A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

CVSS 5, AI score 4.1, EPSS 0.04379
Exploits: 0

Tenable Nessus
added 2015/07/14 12:0 a.m., 20 views

FreeBSD : devel/ipython -- CSRF possible remote execution vulnerability (81326883-2905-11e5-a4a5-002590263bf5)

Kyle Kelley reports: Summary: POST requests exposed via the IPython REST API are vulnerable to cross-site request forgery (CSRF). Web pages on different domains can make non-AJAX POST requests to known IPython URLs, and IPython will honor them. The user's browser will automatically send IPython...

CVSS 8.8, AI score 7.6, EPSS 0.01201
Exploits: 1, References: 4

Tenable Nessus
added 2015/07/13 12:0 a.m., 40 views

SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1214-1) (Underminer)

flash-player was updated to fix 35 security issues. These security issues were fixed : - CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution bsc937339. - CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134,...

CVSS 10, AI score 8.1, EPSS 0.99344
Exploits: 6, References: 72

Tenable Nessus
added 2015/07/13 12:0 a.m., 44 views

SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1211-1) (Underminer)

flash-player was updated to fix 35 security issues. These security issues were fixed : - CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution bsc937339. - CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134,...

CVSS 10, AI score 8.1, EPSS 0.99344
Exploits: 6, References: 72

FreeBSD
added 2015/07/12 12:0 a.m., 29 views

devel/ipython -- CSRF possible remote execution vulnerability

Kyle Kelley reports: Summary: POST requests exposed via the IPython REST API are vulnerable to cross-site request forgery (CSRF). Web pages on different domains can make non-AJAX POST requests to known IPython URLs, and IPython will honor them. The user's browser will automatically send IPython...

CVSS 8.8, AI score 7.3, EPSS 0.01201
Exploits: 1, References: 2

Tenable Nessus
added 2015/07/10 12:0 a.m., 57 views

Google Chrome < 43.0.2357.132 Multiple Vulnerabilities (Mac OS X)

The version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.132. It is, therefore, affected by multiple vulnerabilities in the bundled version of Adobe Flash : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash...

CVSS 10, AI score 8.6, EPSS 0.99344
Exploits: 6, References: 39

Tenable Nessus
added 2015/07/10 12:0 a.m., 36 views

Apple iOS < 8.3 Multiple Vulnerabilities

Binary data 8803.prm...

CVSS 7.2, AI score 7.8, EPSS 0.02135
Exploits: 0, References: 5

Tenable Nessus
added 2015/07/10 12:0 a.m., 69 views

Google Chrome < 43.0.2357.132 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.132. It is, therefore, affected by multiple vulnerabilities in the bundled version of Adobe Flash : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash...

CVSS 10, AI score 7.7, EPSS 0.99344
Exploits: 6, References: 39

NVD
added 2015/07/09 4:59 p.m., 15 views

CVE-2015-3125

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy v...

CVSS 5, AI score 6.5, EPSS 0.03563
Exploits: 0, References: 7