8381 matches found
CVE-2015-5788
The CVE-2015-5788 entry describes a flaw in WebKit Canvas handling on iOS prior to version 9 that allows remote attackers to bypass the same-origin policy and read sensitive image data via CANVAS-related vectors. The vulnerability affects the WebKit Canvas implementation and arises from insuffici...
CVE-2015-5826
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2015-5826
CVE-2015-5826 affects WebKit on iOS prior to 9. The issue arises when cross-origin stylesheets are loaded with non-CSS MIME types, enabling cross-origin data exfiltration and bypass of same-origin policies. Public docs confirm the CVE is tied to Safari/WebKit and was addressed in iOS 9/Safari 9 u...
CVE-2015-5827
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event...
UBUNTU-CVE-2015-5788
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element...
CVE-2015-5788
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element...
[USN-2735-1] Oxide vulnerabilities
Ubuntu Security Notice USN-2735-1, September 08, 2015: oxide-qt vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives...
Adobe AIR < 18.0.0.180 Multiple Vulnerabilities (APSB15-16)
ASUS RT-N16 - Text-plain Admin Password Disclosure
Description: Several ASUS routers include reflected Cross-Site Scripting (CWE-79) and authentication bypass (CWE-592) vulnerabilities. An attacker who can lure a victim to browse to a web site containing a specially crafted JavaScript payload can execute arbitrary commands on the router as...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2735-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2735-1 advisory. It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked into opening a specially crafted...
Microsoft Exchange Server information Disclosure Vulnerability (3089250)
This host is missing an important security update according to Microsoft Bulletin MS15-103...
Ubuntu: Security Advisory (USN-2735-1)
The remote host is missing an update for the...
Mozilla Firefox < 40.0 Multiple Vulnerabilities
USN-2735-1: Oxide vulnerabilities
It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. (CVE-2015-1291) An issue was...
USN-2735-1 oxide-qt vulnerabilities
It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. (CVE-2015-1291) An issue was...
MGASA-2015-0342 Updated iceape packages fix security vulnerabilities
Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly...
Google Chrome DOM Homology Bypass Vulnerability
Google Chrome is a web-based browser. A vulnerability in the Google Chrome Blink implementation allows remote attackers to construct malicious web pages and trick users into parsing them, which can bypass the same-origin policy and execute special script code...
Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2015-05805)
Google Chrome is a web-based browser. A vulnerability in the NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Google Chrome Blink allows remote attackers to construct a malicious web page and trick the user into parsing it, which can bypass the...
Google Chrome Blink Denial of Service Vulnerability (CNVD-2015-05799)
Google Chrome is a web-based browser. A vulnerability in the ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Google Chrome Blink allows remote attackers to construct a malicious web page and trick users into parsing it, which can bypass the same-origin policy and execut...
IBM WebSphere MQ MQI Call Target Channel Agent Crash Vulnerability
IBM WebSphere MQ is a solution for providing messaging services in the enterprise. A security vulnerability exists in IBM WebSphere MQ that allows a remote user to send a special MQI call to crash the target channel agent, stopping processing on other channels running under the same MCA...