PT-2014-2877
Name of the Vulnerable Software and Affected Versions: Digital Signage Xibo version 1.4.2. Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page. This could potentially lead to unauthorized...
ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034)
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the Januar...
SuSE 11.2 / 11.3 Security Update : flash-player (SAT Patch Numbers 8773 / 8774)
This update fixes the following security issues with flash-player: - flash-player: security protection bypass (bnc#858822) APSB14-02 - These updates resolve a vulnerability that could be used to bypass Flash Player security protections. CVE-2014-0491 - These updates resolve an address leak...
Updated java-1.7.0-openjdk package fixes multiple security vulnerabilities
Updated java-1.7.0-openjdk packages fix security vulnerabilities: An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could...
Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:011)
Multiple vulnerabilities have been discovered and corrected in java-1.7.0-openjdk: An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java applicatio...
RedHat Update for java-1.7.0-openjdk RHSA-2014:0026-01
The remote host is missing an update for the...
RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0030)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0030 advisory. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes...
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20140115)
An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...
CVE-2013-5907
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the Januar...
java security update
CentOS Errata and Security Advisory CESA-2014:0027 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring Syst...
flash-plugin: memory address layout randomization defeat (APSB14-02)
Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection...
CVE-2013-5907
CVE-2013-5907 is an Oracle Java SE vulnerability affecting multiple Java runtimes (5.0u55, 6u65, 7u45; JRockit R27.7.7/R28.2.9; Java SE Embedded 7u45; OpenJDK 7). The issue is described as an unspecified vulnerability related to the 2D component, with the root cause reportedly linked by third‑par...
Flash Player for Mac <= 11.7.700.257 / 11.9.900.170 Multiple Vulnerabilities (APSB14-02)
According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 11.7.700.257 / 11.8.x or 11.9.x equal or prior to 11.9.900.170. It is, therefore, potentially affected by the following vulnerabilities : - An unspecified vulnerability exists that ca...
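WordPress Page Layout Builder plugin "layout_settings_id" cross-site scripting vulnerability
WordPress is a content management system. Input passed to the "layoutsettingsid" GET parameter in wp-content/plugins/page-layout-builder/includes/layout-settings.php is not properly filtered before being returned to the user, so an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. Affected: WordPress Page Layout Builder Plugin 1.x. Vendor patch: WordPress ----- WordPress Page Layout Builder Plugin...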
[PDFMiner] Python PDF parser and analyzer
PDFMiner is a tool for extracting information from PDF documents. Unlike other PDF-related tools, it focuses entirely on getting and analyzing text data. PDFMiner allows one to obtain the exact location of text in a page, as well as other information such as fonts or lines. It includes a PDF...
MS13-106: Farewell to another ASLR bypass
Today we released MS13-106 which resolves a security feature bypass that can allow attackers to circumvent Address Space Layout Randomization (ASLR) using a specific DLL library (HXDS.DLL) provided as part of Microsoft Office 2007 and 2010. The existence of an ASLR bypass does not directly enable the...