6684 matches found
UBUNTU-CVE-2017-7806
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox 55...
CVE-2017-8669
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers...
CVE-2017-8635
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that...
August 8, 2017—KB4034679 (Security-only update)
August 8, 2017—KB4034679 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Security updates to Windows Server, Microsoft JET Database Engine, Windows kernel-mod...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based...
[SECURITY] Fedora 24 Update: webkitgtk4-2.16.6-1.fc24
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
libreoffice: Heap-buffer-overflow in tools::Polygon::Insert
An out-of-bounds write flaw was found in the way Libreoffice rendered certain documents containing Polygon images. By tricking a user into opening a specially crafted LibreOffice file, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the...
[SECURITY] Fedora 25 Update: webkitgtk4-2.16.6-1.fc25
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
Fedora 25 : webkitgtk4 (2017-73d6a0dfbb)
This update addresses the following vulnerabilities : - CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061, CVE-2017-7064 Additional fixes : - Fix rendering of spin buttons with GTK+ = 3.20 when the...
Fedora 26 : webkitgtk4 (2017-24bddb96b5)
This update addresses the following vulnerabilities : - CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061, CVE-2017-7064 Additional fixes : - Fix rendering of spin buttons with GTK+ = 3.20 when the...
[SECURITY] Fedora 26 Update: webkitgtk4-2.16.6-1.fc26
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
Fedora 24 : webkitgtk4 (2017-37f68e3534)
This update addresses the following vulnerabilities : - CVE-2017-2538 Additional fixes : - Fix web process deadlock when seeking youtube videos. - Fix blob downloads. - Improve theme rendering performance when using GTK+ = 3.20. - Fix positioning of popup menus in Wayland. - Fix JavaScriptCore...
CVE-2017-5107
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...
[SECURITY] Fedora 24 Update: webkitgtk4-2.16.5-1.fc24
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
USN-3364-1 linux, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information kernel memory. CVE-2014-9900 It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker...
Legal Robot: Pages don't render in old browsers like IE11
While working on another report, a security researcher discovered that a change in Legal Robot's code conversion of some code to ES6 arrow functions caused pages not to render in older browsers like IE 11. While there was no security impact, Legal Robot asked the researcher to submit a report to...
DEBIAN-CVE-2017-1000044
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering...
Memory corruption
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering...
UBUNTU-CVE-2017-1000044
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering...