6686 matches found
CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
Information disclosure
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information...
CVE-2017-15577
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information...
UBUNTU-CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
UBUNTU-CVE-2017-15569
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list...
DEBIAN-CVE-2017-15576
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...
DEBIAN-CVE-2017-15569
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list...
UBUNTU-CVE-2017-15577
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information...
The vulnerabilities of Microsoft Edge and Internet Explorer involve improper memory management by JavaScript mechanisms when displaying content, allowing attackers to execute arbitrary code.
A vulnerability in the Internet Explorer and Microsoft Edge browsers in which the JavaScript memory-management mechanisms malfunction when displaying content. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploit...
USN-3440-1: poppler vulnerabilities
It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. CVE-2017-14518, CVE-2017-14520, CVE-2017-14617, CVE-2017-14929, CVE-2017-14975, CVE-2017-14977 It was discover...
USN-3433-1: poppler vulnerabilities
It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. This issue only affected Ubuntu 17.04. CVE-2017-14517 It was discovered that Poppler incorrectly handled certain...
[SECURITY] Fedora 27 Update: poppler-0.57.0-2.fc27
poppler is a PDF rendering library...
CVE-2017-14921
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...
CVE-2017-14920
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator...
CVE-2017-14922
Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...
[SECURITY] Fedora 26 Update: poppler-0.52.0-5.fc26
poppler is a PDF rendering library...
Debian DLA-1116-1 : poppler security update
It was discovered that poppler, a PDF rendering library, was affected by several denial of service application crash, NULL pointer dereferences and memory corruption bugs: CVE-2017-14517 NULL pointer Dereference in the XRef::parseEntry function in XRef.cc CVE-2017-14519 Memory corruption occurs ...
[SECURITY] [DLA 1116-1] poppler security update
Package : poppler Version : 0.18.4-6+deb7u3 CVE ID : CVE-2017-14517 CVE-2017-14519 CVE-2017-14617 Debian Bug : 876086 876385 876079 It was discovered that poppler, a PDF rendering library, was affected by several denial-of-service application crash, null pointer dereferences and memory corruption...