php: gd extension NUL byte injection in file names
It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions...
UBUNTU-CVE-2014-3173
The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to...
[SECURITY] Fedora 20 Update: gd-2.1.0-6.fc20
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the...
GD Graphics Library 2.0.33 Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18294/info The GD Graphics Library is prone to a denial-of-service vulnerability. Attackers can trigger an infinite-loop condition when the library tries to handle malformed image files. This issue allows attackers to...
GD Graphics Library <= 2.0.34 (libgd) gdImageCreateXbm Function Unspecified DoS
No description provided by source. source: http://www.securityfocus.com/bid/24651/info The GD graphics library is prone to multiple vulnerabilities. An attacker can exploit this issue to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the...
SeaMonkey Denial of Service Vulnerability-01 (May 2014) - Windows
SeaMonkey is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:seamonkey";...
Mozilla Firefox Denial of Service Vulnerability-01 (May 2014) - Windows
Mozilla Firefox is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SeaMonkey < 2.26 Multiple Vulnerabilities
The installed version of SeaMonkey is a version prior to 2.26 and is, therefore, potentially affected by the following vulnerabilities: - An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in-...
Out-of-bounds write in Cairo — Mozilla
Security researcher Jukka Jylänki reported a crash in the Cairo graphics library. This happens when Cairo paints out-of-bounds to the destination buffer in the compositing function when working with canvas in certain circumstances. This issue allows malicious web content to cause a potentiall...
Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2151-1)
Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause...
Mozilla Thunderbird < 24.4 Multiple Vulnerabilities
The installed version of Thunderbird is a version prior to 24.4 and is, therefore, potentially affected by the following vulnerabilities: - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494) - An issue exists where extracted files for updates are not...
Firefox ESR 24.x < 24.4 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox ESR 24.x is prior to 24.4 and is, therefore, potentially affected by the following vulnerabilities: - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494) - A flaw exists in the checkHandshake function due to improper...
Fedora Update for ghc-X11 FEDORA-2013-13332
Check for the Version of ghc-X11 OpenVAS Vulnerability Test Fedora Update for ghc-X11 FEDORA-2013-13332 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for gegl FEDORA-2013-12115
Check for the Version of gegl OpenVAS Vulnerability Test Fedora Update for gegl FEDORA-2013-12115 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
Fedora Update for gegl FEDORA-2013-12108
Check for the Version of gegl OpenVAS Vulnerability Test Fedora Update for gegl FEDORA-2013-12108 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
Fedora Update for gegl FEDORA-2013-12075
Check for the Version of gegl OpenVAS Vulnerability Test Fedora Update for gegl FEDORA-2013-12075 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
RedHat Update for mesa RHSA-2013:0898-01
Check for the Version of mesa OpenVAS Vulnerability Test RedHat Update for mesa RHSA-2013:0898-01 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
Mesa: Multiple integer overflows leading to heap-based buffer overflows
Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions...
PT-2013-1159 · Mesa +4 · Mesa-Libgl +6
Name of the Vulnerable Software and Affected Versions: Mesa versions prior to 9.1.1 Mesa versions 6.5.1 Mesa-libGL versions 6.5.1 through 9.0 Mesa-libGLU versions 6.5.1 through 9.0 Mesa-libOSMesa versions 6.5.1 through 9.0 xorg-server versions prior to 1.14.3-r2 Description: The issue is related ...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8578)
Mozilla Firefox has been updated to the 17.0.6ESR security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and...