9053 matches found
graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
The graphite2::FileFace::gettablefn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other...
CVE-2016-2795
The graphite2::FileFace::gettablefn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other...
DEBIAN-CVE-2016-2795
The graphite2::FileFace::gettablefn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other...
CVE-2016-2795
The graphite2::FileFace::gettablefn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other...
Code injection
The graphite2::FileFace::gettablefn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other...
CVE-2016-2795
Graphite 2 vulnerability CVE-2016-2795 affects the Graphite font engine library. The function graphite2::FileFace::get_table_fn in Graphite 2 before 1.3.6 does not initialize memory for an unspecified data structure, enabling a remote attacker to cause denial of service (and possibly other impact...
CVE-2016-2795
The graphite2::FileFace::gettablefn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other...
CVE-2016-0828
The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an...
Arbitrary Code Execution Vulnerability in Multiple Adobe Products (CNVD-2016-01539)
Adobe Acrobat DC, etc. are the United States of America Auduby Adobe company's products. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF.Classic and Continuous are Acrobat DC and Acrobat Reader DC product download center to provid...
Fedora 23 : xen-4.5.2-6.fc23 (2015-d8253e2b1d)
paravirtualized drivers incautious about shared memory contents XSA-155, CVE-2015-8550 qemu-dm buffer overrun in MSI-X handling XSA-164, CVE-2015-8554 information leak in legacy x86 FPU/XMM initialization XSA-165, CVE-2015-8555 ioreq handling possibly susceptible to multiple read issue XSA-166 No...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause some other unspecified effect.
The vulnerability of the VideoFramePool::PoolImpl::CreateFrame function in the media/base/videoframepool.cc module of the Google Chrome browser is related to memory initialization errors for the video-frame data structure. Exploiting this vulnerability may allow a remote attacker to cause service...
Lexmark Printer Competitive Conditions Vulnerability
Lexmark printer is a printer product from Lexmark, USA. A competitive condition vulnerability exists in the initialization process of the Lexmark printer. A remote attacker can bypass authentication via incorrect detection of security-jumper state...
CVE-2016-1896
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status...
CVE-2016-1614
The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a...
Design/Logic Flaw
The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a...
CVE-2016-1614
The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a...
UBUNTU-CVE-2016-1614
The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a...
we7cms directory traversal vulnerability
we7cms is a content management system based on asp.net development. The we7cms V3.0 system has multiple directory traversal vulnerabilities that can be exploited by attackers to obtain sensitive information through database initialization and table building statements...
DEBIAN-CVE-2015-8741
The dissectppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service application crash via a crafted packet...
CVE-2015-6471
Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data...