82 matches found
[SECURITY] Fedora 36 Update: zathura-pdf-mupdf-0.3.7-6.fc36
This plugin adds PDF support to zathura using the mupdf rendering engine...
[SECURITY] Fedora 34 Update: zathura-pdf-mupdf-0.3.7-2.fc34
This plugin adds PDF support to zathura using the mupdf rendering engine...
Threat Source newsletter (Sept. 9, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. The biggest security news this week is no doubt another Microsoft zero-day. On the heels of PrintNightmare and multiple Exchange Server vulnerabilities comes a code execution vulnerability in MSHTML, the rendering engine... This is...
[SECURITY] Fedora 34 Update: zathura-pdf-mupdf-0.3.6-6.fc34
This plugin adds PDF support to zathura using the mupdf rendering engine...
[SECURITY] Fedora 33 Update: zathura-pdf-mupdf-0.3.6-4.fc33
This plugin adds PDF support to zathura using the mupdf rendering engine...
Base3D Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine...
GHSA-PQPP-2363-649V Cross-Site Scripting in buttle
All versions of buttle are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, buttle does not sanitize the HTML output, allowing attackers to run arbitrary JavaScript when processing malicious markdown files. Recommendation: No fix is currently available. Consider...
Cross-Site Scripting in buttle
All versions of buttle are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, buttle does not sanitize the HTML output, allowing attackers to run arbitrary JavaScript when processing malicious markdown files. Recommendation: No fix is currently available. Consider...
CVE-2020-1018
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page. The attacker who successfully exploited the vulnerability could see the information that is in a mask...
Microsoft Dynamics Business Central/NAV Information Disclosure
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page. The attacker who successfully exploited the vulnerability could see the information that is in a...
Cross-Site Scripting
Overview: All versions of harp are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, harp does not sanitize the HTML output, allowing attackers to run arbitrary JavaScript when processing malicious files. Recommendation: No fix is currently available. Consider usin...
Denial of Service (DoS)
freetype is vulnerable to denial of service. This is due to an out-of-bounds read when the rendering engine processes certain Glyph Bitmap Distribution Format (BDF) fonts. An attacker is able to crash a user's application, or potentially execute arbitrary code, via a malicious font file that is...
CVE-2018-4902
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted P...
CVE-2018-4902
CVE-2018-4902 affects Adobe Acrobat Reader (Windows/macOS) versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier. It is a use-after-free in the rendering engine triggered by a crafted PDF containing a video annotation with embedded JavaScript, leading to ...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based...
Double free
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution...
CVE-2017-11231
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution...