12 matches found
[SECURITY] [DSA 5791-1] python-reportlab security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5791-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 13, 2024 https://www.debian.org/security/faq -...
Debian dsa-5791 : python-reportlab-doc - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5791 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5791-1 [email protected] https://www.debian.org/security/ Moritz...
[SECURITY] [DSA 5771-1] php-twig security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5771-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 17, 2024 https://www.debian.org/security/faq -...
Ann Day honey network capture“use of the ElasticSearch Groovy vulnerability Monroe coin(Dog)mining”event analysis-vulnerability warning-the black bar safety net
1, Overview 2019 6 May 13, Ann Day honey network capture to use CVE-2015-1427ElasticSearch Groovyremote command execution vulnerability attacks. The vulnerability principle is Elaticsearch groovy as a scripting language, and based on the use of black and white lists of the sandbox mechanism to...
EulerOS Virtualization 2.5.1 : ghostscript (EulerOS-SA-2019-1016)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibl...
jre7-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
jdk7-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
jre8-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
KLA10760 Security bypass vulnerabilities in Google Chrome
An unspecified vulnerability was found in Google Chrome. By exploiting this vulnerability malicious users can bypass same origin policy and sandbox mechanism protection. This vulnerability can be exploited remotely via an unknown vectors. Original advisories Google Chrome releases blog Related...
Hacking Team attack code analysis Part 3 : the Adobe Font Driver kernel driver elevation of privilege vulnerability-vulnerability warning-the black bar safety net
In order to in IE and Chrome bypassing its sandbox mechanism to completely control the user's system, Hacking Team also utilizes a Windows kernel driver: the Adobe Font Driveratmfd.dllin the presence of a font 0day vulnerability to achieve privilege escalation and bypass the sandbox mechanism. Th...
CVE-2015-0820
Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web...
Debian Security Advisory DSA 1364-1 (vim)
The remote host is missing an update to vim announced via advisory DSA 1364-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...