8389 matches found
UBUNTU-CVE-2016-4566
Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...
CVE-2016-4566
The CVE-2016-4566 entry concerns a cross-site scripting (XSS) vulnerability in plupload.flash.swf (Plupload before 2.1.9) used by WordPress before 4.5.2. The flaw allows remote attackers to inject arbitrary script or HTML via a Same-Origin Method Execution (SOME) attack. Public details from conne...
CVE-2016-4566
Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...
WordPress Same Origin Method Execution Vulnerability (May 2016) - Linux
WordPress is prone to same origin method execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress Same Origin Method Execution Vulnerability (May 2016) - Windows
WordPress is prone to same origin method execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-2960-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2960-1 advisory. An out of bounds write was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potential...
USN-2960-1 oxide-qt vulnerabilities
An out of bounds write was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. CVE-2016-1660 It was discovered that Blink assumes that a frame...
MGASA-2016-0183 Updated chromium-browser-stable packages fix security vulnerability
Chromium-browser-stable 50.0.2661.102 fixes several security issues: same origin bypass vulnerabilities in DOM CVE-2016-1667 and the Blink V8 bindings CVE-2016-1668, a buffer overflow in V8 CVE-2016-1669, and a race condition in the loader CVE-2016-1670...
WordPress Core Flash File Same-Origin Method Execution (CVE-2016-4566)
A same-origin method execution vulnerability exists in WordPress Core Flash File. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Google Chrome Security Updates (stable-channel-update-2016-05) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Google Chrome forEachForBinding Function Same Origin Policy Bypass Vulnerability
Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. A vulnerability exists in the 'forEachForBinding' function in the WebKit/Source/bindings/core/v8/Iterable.h file in the V8 binding of Blink used...
Google Chrome TreeScope::adoptIfNeeded function homology policy bypass vulnerability
Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. A same-origin policy bypass vulnerability exists in the 'TreeScope::adoptIfNeeded' function in the WebKit/Source/core/dom/TreeScope.cpp file in...
DLA-478-1 squid3 - security update
Bulletin has no description...
CVE-2016-1668
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1668
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1667
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...
CVE-2016-1667
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...
CVE-2016-1661
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a...
Memory corruption
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a...
Design/Logic Flaw
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...