Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3291-2)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3291-2 advisory. USN-3291-1 fixed vulnerabilities in the generic Linux kernel. This update provides the corresponding updates for the Linux kernel built for specific...
USN-3291-2 linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
USN-3291-1 fixed vulnerabilities in the generic Linux kernel. This update provides the corresponding updates for the Linux kernel built for specific processors and cloud environments. Dmitry Vyukov discovered that the generic SCSI sg subsystem in the Linux kernel contained a stack-based buffer...
USN-3291-1 linux vulnerabilities
Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187) It was discovered that a...
Ubuntu: Security Advisory (USN-3293-1)
The remote host is missing an update for the...
Arbitrary Code Execution Vulnerabilities in MuPDF Identified and Patched
Talos is disclosing the presence of two vulnerabilities in the Artifex MuPDF renderer. MuPDF is a lightweight PDF parsing and rendering library featuring high fidelity graphics, high speed, and compact code size which makes it a fairly popular PDF library for embedding in different projects,...
CVE-2017-0229
A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235,...
Remote code execution
A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235,...
CVE-2017-0241
CVE-2017-0241 affects Microsoft Edge. The vulnerability is an elevation of privilege when Edge renders a domain-less URL, allowing actions in the Intranet Zone. Affected component: Edge rendering/domain handling; root cause details are not fully enumerated in the provided docs beyond the ...
[SECURITY] Fedora 25 Update: freetype-2.6.5-7.fc25
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...
[SECURITY] Fedora 24 Update: freetype-2.6.3-5.fc24
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...
[SECURITY] Fedora 26 Update: freetype-2.7.1-6.fc26
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...
DEBIAN-CVE-2017-7994
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document...
CVE-2017-7870
An out-of-bounds write flaw was found in the way LibreOffice rendered certain documents containing Polygon images. By tricking a user into opening a specially crafted LibreOffice file, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the...
[SECURITY] Fedora 26 Update: mupdf-1.10a-5.fc26
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
The vulnerability of the Adobe Reader PDF viewer program allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Reader PDF viewer program arises from an operation that goes beyond the buffer boundaries in memory within the rendering system. Exploiting this vulnerability allows a malicious actor to execute arbitrary code (memory corruption) remotely...
Microsoft Edge browser vulnerability, allowing a hacker to execute arbitrary code
The vulnerability of the rendering mechanisms for executing browser scripts in Microsoft Edge arises from the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Microsoft Edge browser vulnerability, allowing a hacker to execute an application with privileges of the current user
The vulnerability of the rendering mechanisms for executing browser script scenarios in Microsoft Edge is related to deficiencies in access control for certain functions. Exploiting this vulnerability can allow a malicious actor to execute an application with privileges of the current user...
[SECURITY] Fedora 26 Update: mupdf-1.10a-4.fc26
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
[SECURITY] Fedora 26 Update: webkitgtk4-2.16.0-1.fc26
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
CVE-2017-3010
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution...