CVE-2017-2445

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via crafted frame objects...

CVE-2017-2445

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via crafted frame objects...

Shopify: XSS in $shop$.myshopify.com/admin/ via "Button Objects" in malicious app

This report is similar in impact, exploitability and root-cause as report 205701 requiring an additional step of user-interaction. Description The Shopify Embedded App SDK is used to facilitate limited interactions with parent page /admin/apps/$id from an embedded app within the shop admin...

CVE-2017-2445

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via crafted frame objects...

UBUNTU-CVE-2017-2445

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via crafted frame objects...

Null pointer dereference

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service NULL pointer dereference or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be...

CVE-2017-7374

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service NULL pointer dereference or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be...

CVE-2017-7374

CVE-2017-7374 is a use-after-free in the Linux kernel fs/crypto/ subsystem prior to 4.10.7, where revoking keyring keys used for ext4, f2fs, or ubifs encryption can free cryptographic transform objects prematurely. This enables local attackers to cause a denial of service via a NULL pointer deref...

DEBIAN-CVE-2014-9804

vision.c in ImageMagick allows remote attackers to cause a denial of service infinite loop via vectors related to "too many object."...

UBUNTU-CVE-2014-9804

vision.c in ImageMagick allows remote attackers to cause a denial of service infinite loop via vectors related to "too many object."...

PT-2017-6397 · Imagemagick · Imagemagick

Name of the Vulnerable Software and Affected Versions: ImageMagick affected versions not specified Description: The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This is related to vectors involving "too many object" in the vision.c file of ImageMagick...

Stack overflow

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects...

CVE-2014-9939

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects...

CVE-2014-9939

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects...

CVE-2014-9939

CVE-2014-9939 affects GNU Binutils where the ihex.c module contains a stack buffer overflow when printing bad bytes in Intel Hex objects. The advisory cites Binutils versions before 2.26 as vulnerable, with the flaw rooted in ihex.c and resulting in a stack-based overflow that can lead to a crash...

CVE-2014-9939

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects...

Microsoft Windows Uniscribe Information Disclosure Vulnerability (CNVD-2017-03757)

Microsoft Uniscribe is a component of the Windows operating system developed by Microsoft Corporation for the correct presentation of Unicode characters. An information disclosure vulnerability exists in Microsoft Uniscribe's handling of in-memory objects, which allows remote attackers to exploit...

Design/Logic Flaw

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors...

DEBIAN-CVE-2014-9852

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors...

UBUNTU-CVE-2014-9852

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors...