Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.842433 |
Categoría: | Ubuntu Local Security Checks |
Título: | Ubuntu Update for oxide-qt USN-2735-1 |
Resumen: | The remote host is missing an update for the 'oxide-qt'; package(s) announced via the referenced advisory. |
Descripción: | Summary: The remote host is missing an update for the 'oxide-qt' package(s) announced via the referenced advisory. Vulnerability Insight: It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. (CVE-2015-1291) An issue was discovered in NavigatorServiceWorker::serviceWorker in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1292) An issue was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1293) A use-after-free was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1294) A use-after-free was discovered in the shared-timer implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1299) It was discovered that the availability of iframe Resource Timing API times was not properly restricted in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-1300) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1301) A heap corruption issue was discovered in oxide::JavaScriptDialogManager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1332) Affected Software/OS: oxide-qt on Ubuntu 14.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-1291 Debian Security Information: DSA-3351 (Google Search) http://www.debian.org/security/2015/dsa-3351 https://security.gentoo.org/glsa/201603-09 RedHat Security Advisories: RHSA-2015:1712 http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.securitytracker.com/id/1033472 SuSE Security Announcement: openSUSE-SU-2015:1586 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html SuSE Security Announcement: openSUSE-SU-2015:1873 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1292 Common Vulnerability Exposure (CVE) ID: CVE-2015-1293 Common Vulnerability Exposure (CVE) ID: CVE-2015-1294 Common Vulnerability Exposure (CVE) ID: CVE-2015-1299 Common Vulnerability Exposure (CVE) ID: CVE-2015-1300 https://github.com/w3c/resource-timing/issues/29 Common Vulnerability Exposure (CVE) ID: CVE-2015-1301 Common Vulnerability Exposure (CVE) ID: CVE-2015-1332 BugTraq ID: 76710 http://www.securityfocus.com/bid/76710 http://www.ubuntu.com/usn/USN-2735-1 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |