
8371 matches found

Positive Technologies
added 2015/07/26 12:0 a.m., 4 views

PT-2015-5464

Name of the Vulnerable Software and Affected Versions: jquery-rails versions 3.1.3 and earlier; jquery-rails versions 4.x prior to 4.0.4; jquery-ujs versions 1.0.4 and earlier. Description: The issue allows remote attackers to bypass the Same Origin Policy and trigger transmission of a CSRF token to ...

CVSS 5, AI score 6.9, EPSS 0.04519
Exploits 1, References 29
securityvulns
added 2015/07/26 12:0 a.m., 78 views

[SECURITY] [DSA 3315-1] chromium-browser security update

Debian Security Advisory DSA-3315-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 23, 2015 https://www.debian.org/security/faq -...

CVSS 7.5, AI score 0.1, EPSS 0.19069
Exploits 3
Debian
added 2015/07/24 12:29 p.m., 48 views

[SECURITY] [DSA 3315-1] chromium-browser security update

Debian Security Advisory DSA-3315-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 23, 2015 https://www.debian.org/security/faq -...

CVSS 7.5, AI score 0.1, EPSS 0.19069
Exploits 3
Debian
added 2015/07/24 12:29 p.m., 40 views

[SECURITY] [DSA 3315-1] chromium-browser security update

Debian Security Advisory DSA-3315-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 23, 2015 https://www.debian.org/security/faq -...

CVSS 9.8, AI score 10, EPSS 0.19069
Exploits 3
CNVD
added 2015/07/24 12:0 a.m., 2 views

Google Chrome Blink Security Bypass Vulnerability (CNVD-2015-04885)

Blink is a browser layout (rendering) engine jointly developed by Google Inc. of the United States and Opera Software of Norway. A security vulnerability exists in Blink used in versions of Google Chrome prior to 44.0.2403.89, which stems from the program failing to set th...

CVSS 4.3, AI score 8.9, EPSS 0.01466
Exploits 0, References 1
NVD
added 2015/07/23 12:59 a.m., 19 views

CVE-2015-1287

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related t...

CVSS 4.3, AI score 9, EPSS 0.01466
Exploits 0, References 9
Prion
added 2015/07/23 12:59 a.m., 19 views

Authentication flaw

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related t...

CVSS 4.3, AI score 6.5, EPSS 0.01466
Exploits 0, References 9, Affected Software 7
CNVD
added 2015/07/23 12:0 a.m., 3 views

Fiat Chrysler Automobiles Uconnect Remote Elevation of Privilege Vulnerability

Fiat Chrysler Automobiles Uconnect is a suite of in-car information systems from Fiat Chrysler Automobiles (FCA) in the United States. An unspecified vulnerability exists in Fiat Chrysler Automobiles Uconnect 15.26.1. A remote attacker on the same mobile network could exploit this vulnerability by...

CVSS 8.3, AI score 6.5, EPSS 0.01768
Exploits 0, References 1
Cvelist
added 2015/07/23 12:0 a.m., 24 views

CVE-2015-1287

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related t...

AI score 8.9, EPSS 0.01466
Exploits 0, References 9
OpenVAS
added 2015/07/23 12:0 a.m., 34 views

Debian Security Advisory DSA 3315-1 (chromium-browser - security update)

Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu. CVE-2015-1267 A way to bypass the Same Origin Policy was discovered. CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass...

CVSS 7.5, AI score 0.3, EPSS 0.19069
Exploits 3, References 1
CVE
added 2015/07/23 12:0 a.m., 83 views

CVE-2015-1287

CVE-2015-1287 affects Blink (Chrome’s rendering engine) prior to Chrome 44.0.2403.89, where a quirks-mode exception allows CSS text/css to bypass content-type checks, enabling a remote attacker to bypass the Same-Origin Policy via a crafted site. The root cause is linked to CSSStyleSheetResource....

CVSS 4.3, AI score 8.7, EPSS 0.01466
Exploits 0, References 9, Affected Software 1
Debian CVE
added 2015/07/23 12:0 a.m., 23 views

CVE-2015-1287

Removed by vendor...

CVSS 4.3, AI score 9.4, EPSS 0.01466
Exploits 0
UbuntuCve
added 2015/07/22 12:0 a.m., 30 views

CVE-2015-1287

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related t...

CVSS 4.3, AI score 7.2, EPSS 0.01466
Exploits 0, References 3
OpenVAS
added 2015/07/22 12:0 a.m., 27 views

Debian: Security Advisory (DSA-3315-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8, AI score 8.5, EPSS 0.19069
Exploits 3, References 3
OSV
added 2015/07/22 12:0 a.m., 0 views

UBUNTU-CVE-2015-1287

Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related t...

CVSS 4.3, AI score 7.3, EPSS 0.01466
Exploits 0, References 4
Check Point Advisories
added 2015/07/19 12:0 a.m., 3 views

Adobe Flash Player Same Origin Policy Bypass (APSB15-16: CVE-2015-3116; CVE-2015-3115)

A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

CVSS 5, AI score 4.1, EPSS 0.04379
Exploits 0
Tenable Nessus
added 2015/07/14 12:0 a.m., 20 views

FreeBSD : devel/ipython -- CSRF possible remote execution vulnerability (81326883-2905-11e5-a4a5-002590263bf5)

Kyle Kelley reports: Summary: POST requests exposed via the IPython REST API are vulnerable to cross-site request forgery (CSRF). Web pages on different domains can make non-AJAX POST requests to known IPython URLs, and IPython will honor them. The user's browser will automatically send IPython...

CVSS 8.8, AI score 7.6, EPSS 0.01201
Exploits 1, References 4
Tenable Nessus
added 2015/07/13 12:0 a.m., 40 views

SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1214-1) (Underminer)

flash-player was updated to fix 35 security issues. These security issues were fixed: - CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134,...

CVSS 10, AI score 8.1, EPSS 0.99344
Exploits 6, References 72
Tenable Nessus
added 2015/07/13 12:0 a.m., 44 views

SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1211-1) (Underminer)

flash-player was updated to fix 35 security issues. These security issues were fixed: - CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134,...

CVSS 10, AI score 8.1, EPSS 0.99344
Exploits 6, References 72
FreeBSD
added 2015/07/12 12:0 a.m., 29 views

devel/ipython -- CSRF possible remote execution vulnerability

Kyle Kelley reports: Summary: POST requests exposed via the IPython REST API are vulnerable to cross-site request forgery (CSRF). Web pages on different domains can make non-AJAX POST requests to known IPython URLs, and IPython will honor them. The user's browser will automatically send IPython...

CVSS 8.8, AI score 7.3, EPSS 0.01201
Exploits 1, References 2