6681 matches found
Google Chrome < 57.0.2987.98 Multiple Vulnerabilities
Vulnerability in the iOS operating system that allows attackers to carry out XSS attacks
The vulnerability in the WebKit component of the iOS operating system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to remotely perform XSS attacks (injection of malicious code) on the Safari browser...
[SECURITY] Fedora 25 Update: mupdf-1.10a-4.fc25
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
Rockstar Games: Control Character Injection In Messages
This report involved the injection of control characters, such as Null Byte 0x00, into vulnerable fields in the Message endpoints in order to cause unexpected, harmful behaviors. Our solution was to both block control characters from being saved on the backend when included in user input, as well...
MDwiki < 0.6.2 - Cross-Site Scripting
I originally thought this was only a problem with Tencent's site implementation, but the black brother reminded me to look at the GitHub address in the source code, and only then did I find the open-source MDwiki universal system. MDwiki is a wiki/CMS system built entirely on HTML5/JavaScript technology and runs...
[SECURITY] Fedora 24 Update: mupdf-1.10a-1.fc24
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
Fedora 25 : webkitgtk4 (2017-0beb752b6e)
This update addresses the following vulnerabilities: CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373. Additional fixes: Make accelerating compositing mode...
[SECURITY] Fedora 24 Update: webkitgtk4-2.14.5-1.fc24
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
[SECURITY] Fedora 25 Update: webkitgtk4-2.14.5-1.fc25
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
Autodesk Backburner Manager 3 Null Pointer Reference Denial of Service Vulnerability
Backburner is network rendering management software. A null pointer reference denial of service vulnerability exists in Autodesk Backburner Manager 3. An attacker can cause a denial of service by sending a large number of invalid parameters resulting in a null pointer reference...
Buffer overflow
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317...
UBUNTU-CVE-2016-7446
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317...
DEBIAN-CVE-2016-7446
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317...
January 10, 2017—KB3210720 (OS Build 10240.17236)
Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed security issues related to Microsoft Edge. If you installed earlier updates, only t...
Vulnerability in the Google Chrome browser that allows an attacker to gain access to protected information
The vulnerability in the PDFium component of the Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to protected information through a specially crafted PDF file...
Cross site scripting
IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2016-8936
The CVE-2016-8936 entry concerns IBM Social Rendering Templates for Digital Data Connector. Available connected sources confirm a Cross-Site Scripting (XSS) vulnerability in the Web UI, which could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trust...
CVE-2016-6908
Characters from languages such as Arabic and Hebrew are displayed in RTL (right-to-left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several Unicode characters such as U+FE70, U+0622, U+0623, etc., and how they are rendered when combined with a first strong character such as an IP...
Design/Logic Flaw
Characters from languages such as Arabic and Hebrew are displayed in RTL (right-to-left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several Unicode characters such as U+FE70, U+0622, U+0623, etc., and how they are rendered when combined with a first strong character such as an IP...
Fedora 24 : webkitgtk4 (2017-d317f6fb61)
This update addresses the following vulnerabilities: CVE-2016-7656, CVE-2016-7635, CVE-2016-7654, CVE-2016-7639, CVE-2016-7645, CVE-2016-7652, CVE-2016-7641, CVE-2016-7632, CVE-2016-7599, CVE-2016-7592, CVE-2016-7589, CVE-2016-7623, CVE-2016-7586. Additional fixes: Create GLX OpenGL contexts...