49 matches found
Microsoft Internet Explorer Remote Code Execution Vulnerability(CVE-2017-8618)
There is a type confusion issue related to how some arithmetic operations are performed in VBScript. To illustrate, see the following simplified code of VbsVarMod static unsigned char resultlookuptable1818 = ... void VbsVarModVAR v1, VAR v2 VAR arithv1 = v1-PvarGetArithVal; VAR arithv2 =...
openSUSE Security Update : go (openSUSE-2016-907)
This update for go fixes the following issues : - CVE-2015-5739: 'Content Length' treated as valid header - CVE-2015-5740: Double content-length headers does not return 400 error - CVE-2015-5741: Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections Go was...
Apple Mac OSX - 'IOHDIXControllerUserClient::convertClient' Buffer Integer Overflow
/ Source: https://code.google.com/p/google-security-research/issues/detail?id=511 Method 5 of the IOHDIXController user client is createDrive64. This takes a 0x100 byte structure input from which it reads a userspace pointer and a size which it passes to IOHDIXController::convertClientBuffer. Thi...
FreeType 'bdf/bdflib.c' Security Bypass Vulnerability
FreeType is a library of popular font functions. A security bypass vulnerability exists in FreeType 'bdf/bdflib.c' due to the program failing to correctly identify property names. Allows a remote attacker to discover heap pointer values and bypass the mechanism for making BDF font ASLR protection...
DEBIAN-CVE-2014-9675
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font...
Design/Logic Flaw
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font...
CVE-2014-9675
CVE-2014-9675 is a vulnerability in FreeType prior to 2.5.4 where bdf/bdflib.c identifies property names by matching only an initial substring. This allows remote attackers to discover heap pointer values and bypass ASLR via a crafted BDF font. Affected: FreeType library (before 2.5.4); impact is...
CVE-2014-9675
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font...
UBUNTU-CVE-2014-9675
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font...