6681 matches found
Fedora 25 : webkitgtk4 (2017-b015aa1d33)
This update addresses the following vulnerabilities : - CVE-2016-7656, CVE-2016-7635, CVE-2016-7654, CVE-2016-7639, CVE-2016-7645, CVE-2016-7652, CVE-2016-7641, CVE-2016-7632, CVE-2016-7599, CVE-2016-7592, CVE-2016-7589, CVE-2016-7623, CVE-2016-7586 Additional fixes : - Create GLX OpenGL contexts...
[SECURITY] Fedora 25 Update: webkitgtk4-2.14.3-1.fc25
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
Adobe Acrobat < 11.0.19 / 15.006.30279 / 15.023.20053 Multiple Vulnerabilities (APSB17-01) (macOS)
The version of Adobe Acrobat installed on the remote macOS or Mac OS X host is prior to 11.0.19, 15.006.30279, or 15.023.20053. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist due to improper validation of unspecified input. An unauthenticated,...
January 10, 2017—KB3210721 (OS Build 10586.753)
January 10, 2017—KB3210721 OS Build 10586.753 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed security issues related to Microsoft Edge. If you installed earlier updates, only th...
January 10, 2017—KB3210720 (OS Build 10240.17236)
January 10, 2017—KB3210720 OS Build 10240.17236 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed security issues related to Microsoft Edge If you installed earlier updates, only t...
January 10, 2017—KB3213986 (OS Build 14393.693)
January 10, 2017—KB3213986 OS Build 14393.693 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Improved the reliability of Groove Music playback in the background, App-V, video playback and...
MS12-078: Description of the security update for the Windows OpenType Compact Font Format (CFF) driver: December 11, 2012
MS12-078: Description of the security update for the Windows OpenType Compact Font Format CFF driver: December 11, 2012 INTRODUCTION Microsoft has released security bulletin MS12-078. To view the complete security bulletin, go to one of the following Microsoft websites: Home users:...
CVE-2016-4295
When opening a Hangul Hcell Document .cell and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overflow can be made to occur in Hancom Office 2014. The vulnerability occurs when processing data for a formula used to render a chart via the...
Cross-site Scripting (XSS)
cookie-flash-messages is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible because data is rendered directly onto the screen from the cookie. If a malicious user were to tamper with the cookie to contain code, this code could be executed...
MS16-148: Description of the security update for Excel 2013: December 13, 2016
MS16-148: Description of the security update for Excel 2013: December 13, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...
Microsoft Browser Scripting Engine Memory Corruption (MS16-145: CVE-2016-7287)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
UBUNTU-CVE-2016-9426
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug CVE-2016-9427 via a crafted HTML page...
chromium-browser: local file access in pdfium
PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file...
Fun hacks for faster content
A few weeks ago I was at Heathrow airport getting a bit of work done before a flight, and I noticed something odd about the performance of GitHub: It was quicker to open links in a new window than simply click them. Here's a video I took at the time: GitHub link click vs new tab Here I click a...
Cross-site Scripting (XSS)
Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Cross-site Scripting by letting the attacker under certain conditions control and override the filename option causing it to render the value as is, without escaping it. You can read more...
[SECURITY] Fedora 23 Update: zathura-pdf-mupdf-0.3.0-3.fc23
This plugin adds PDF support to zathura using the mupdf rendering engine...
Remote Code Execution (RCE)
Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Remote Code Execution by letting the attacker under certain conditions control the source folder from which the engine renders include files. You can read more about this vulnerability on th...
The React application in the most common XSS exploits and Defense-vulnerability warning-the black bar safety net
The author has been firmly React technology stack of the user, and therefore will pay attention to the React application security related topics. The author in my own React+Redux+Webpack2 scaffolding the third level also uses a lot of server-side rendering/isomorphism straight out of the technology...
Foreman < 1.11.1 Information Disclosure Vulnerability
Foreman is prone to an information disclosure vulnerability. CPE = "cpe:/a:theforeman:foreman";...
CentOS 7 : poppler (CESA-2016:2580)
An update for poppler is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...