CVE-2015-3752: The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and…

CVE-2014-1748 WebKitGTK+ vulnerabilities Title: WebKitGTK+ vulnerabilities Summary: Several security issues were fixed in WebKitGTK+. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Instructions: This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany and Evolution, to make all the necessary changes.

CVE-2015-3752 [MEDIUM] CVE-2015-3752: iOS 8.4.1 Apple Security Update: About the security content of iOS 8.4.1 Product: iOS Version: 8.4.1 CVE: CVE-2015-3752 Component: CVE-ID

CVE-2015-3752 [MEDIUM] CVE-2015-3752: Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 Apple Security Update: About the security content of Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 Product: Safari 8.0.8, Safari 7.1.8, and Safari Version: 6.2.8 CVE: CVE-2015-3752 Component: CVE-ID

CVE-2015-3752 [MEDIUM] CVE-2015-3752: Apple TV 7.2.1 Apple Security Update: About the security content of Apple TV 7.2.1 Product: Apple TV Version: 7.2.1 CVE: CVE-2015-3752 Component: CVE-ID

CVE-2015-3752 [MEDIUM] CWE-200 GHSA-fgcj-8hc4-j3gh: The Content Security Policy implementation in WebKit in Apple Safari before 6 The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request.

CVE-2015-3752 [MEDIUM] CVE-2015-3752: The Content Security Policy implementation in WebKit in Apple Safari before 6 The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request.

CVE-2015-2753 [MEDIUM] CVE-2015-2753 CVE-2015-2754 CVE-2015-2776 freexl: multiple flaws when parsing malformed input CVE-2015-2753 CVE-2015-2754 CVE-2015-2776 freexl: multiple flaws when parsing malformed input The following flaws have been found in FreeXL, a library that parses Microsoft Excel spreadsheets: #1: A flaw was found in the way FreeXL reads sectors from the input file. A specially crafted file could possibly result in stack corruption near freexl.c:3752. Reproducer: https://www.dropbox.com/s/3htzndywvtmomlx/freexl_9f74b0e8?dl=0 #2: A flaw was found in the function allocate_cells(). A specially crafted file with invalid workbook dimensions could possibly result in stack corruption near freexl.c:1074 Reproducer: https://www.dropbox.com/s/dcnbbntf7lp03yn/freexl_c9be2aa7?dl=0 #3: A flaw was found in the way FreeXL handles a premature EOF. A specially crafted input file could possibly result