5743 matches found
CVE-2017-7961
The CVE-2017-7961 issue affects libcroco up to version 0.6.12 (cr-tknzr_parse_rgb in cr-tknzr.c). The function may exhibit undefined behavior by converting a double RGB component to a long, potentially enabling denial of service (application crash) or other impact via a crafted CSS file. This is ...
CVE-2017-7960
Removed by vendor...
CVE-2017-7961
The crtknzrparsergb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a...
CVE-2017-7960
The crinputnewfromuri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted CSS file...
Fedora 24 : webkitgtk4 (2017-0f38995622)
Highlights of the 2.16.0 release : - Hardware acceleration is now enabled on demand to drastically reduce memory consumption. - CSS Grid Layout is enabled by default. - New WebKitSetting to set the hardware acceleration policy. - UI process API to configure network proxy settings. - Improved...
Fedora 25 : webkitgtk4 (2017-25ffd5b236)
Highlights of the 2.16.0 release : - Hardware acceleration is now enabled on demand to drastically reduce memory consumption. - CSS Grid Layout is enabled by default. - New WebKitSetting to set the hardware acceleration policy. - UI process API to configure network proxy settings. - Improved...
Microsoft Outlook - HTML Email Denial of Service Exploit
Exploit for windows platform in category dos / poc Source: https://justhaifei1.blogspot.ca/2017/03/an-interesting-outlook-bug.html When you send this email to someone, when he/she just read the email, Outlook will crash. MSRC told me that they think it's a non-exploitable bug and it seems that th...
Microsoft Outlook - HTML Email Denial of Service
Microsoft Outlook - HTML Email Denial of Service Source: https://justhaifei1.blogspot.ca/2017/03/an-interesting-outlook-bug.html When you send this email to someone, when he/she just read the email, Outlook will crash. MSRC told me that they think it's a non-exploitable bug and it seems that they...
Microsoft Outlook - HTML Email Denial of Service
Source: https://justhaifei1.blogspot.ca/2017/03/an-interesting-outlook-bug.html When you send this email to someone, when he/she just read the email, Outlook will crash. MSRC told me that they think it's a non-exploitable bug and it seems that they are not going to fix it in near future, I'm...
Updated roundcubemail package fixes security vulnerability
rcubeutils.php in Roundcube before 1.1.8 and before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets CSS token sequence within an SVG element CVE-2017-6820...
Microsoft Edge CTransitionValues Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
March 14, 2017—KB4013429 (OS Build 14393.953)
March 14, 2017—KB4013429 OS Build 14393.953 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed known issue called out in KB3213986. Users may experience delays while running 3D...
UBUNTU-CVE-2017-6820
rcubeutils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets CSS token sequence within an SVG element...
CVE-2017-6820
rcubeutils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets CSS token sequence within an SVG element...
CVE-2017-6820
rcubeutils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets CSS token sequence within an SVG element...
CVE-2017-0037
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...
Type confusion
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...
CVE-2017-0037
CVE-2017-0037 affects Microsoft Internet Explorer 10/11 and Microsoft Edge via a type confusion in mshtml.dll (Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement), enabling remote code execution through crafted CSS/JS sequences. Connected sources note public exploitation acti...
CVE-2017-0037
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...
CVE-2017-0037
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...