6682 matches found
UBUNTU-CVE-2016-1685
core/fxge/ge/fxgetext.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service out-of-bounds read via a crafted PDF document...
[SECURITY] Fedora 23 Update: webkitgtk4-2.12.3-1.fc23
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
[SECURITY] Fedora 24 Update: webkitgtk4-2.12.3-1.fc24
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
[SECURITY] Fedora 23 Update: imlib2-1.4.9-1.fc23
Imlib 2 is a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon support, etc. It does ALL of these operations FAST. Imlib2 also tries to be highly intelligent about doing them, so writing naive programs can be done easily, without sacrificing...
[SECURITY] Fedora 24 Update: imlib2-1.4.9-1.fc24
Imlib 2 is a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon support, etc. It does ALL of these operations FAST. Imlib2 also tries to be highly intelligent about doing them, so writing naive programs can be done easily, without sacrificing...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Security fixes: T122056: Old tokens are remaining valid within a new session T127114: Login throttle can be tricked using non-canonicalized usernames T123653: Cross-domain policy regexp is too narrow T123071: Incorrectly identifying http link in a's href attributes, due to m...
Google Chrome TreeScope::adoptIfNeeded function homology policy bypass vulnerability
Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. A same-origin policy bypass vulnerability exists in the 'TreeScope::adoptIfNeeded' function in the WebKit/Source/core/dom/TreeScope.cpp file in...
Adobe Flash (Multiple Scripts) - Use-After-Free When Rendering Displays (2)
Adobe Flash Multiple Scripts - Use-After-Free When Rendering Displays 2 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=719 There is a use-after-free that appears to be related to rendering the display based on multiple scripts. A PoC is attached, tested on Windows only. Note th...
Adobe Flash - Use-After-Free When Rendering Displays From Multiple Scripts (2)
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=719 There is a use-after-free that appears to be related to rendering the display based on multiple scripts. A PoC is attached, tested on Windows only. Note the PoC is somewhat...
Adobe Flash (Multiple Scripts) - Use-After-Free When Rendering Displays (2)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=719 There is a use-after-free that appears to be related to rendering the display based on multiple scripts. A PoC is attached, tested on Windows only. Note the PoC is somewhat unreliable on some browsers, sometimes it needs to...
USN-2958-1: poppler vulnerabilities
It was discovered that the poppler pdfseparate tool incorrectly handled certain filenames. A local attacker could use this issue to cause the tool to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS. CVE-2013-4473,...
Debian Security Advisory DSA 3563-1 (poppler - security update)
It was discovered that a heap overflow in the Poppler PDF library may result in denial of service and potentially the execution of arbitrary code if a malformed PDF file is opened. OpenVAS Vulnerability Test $Id: deb3563.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA...
Fedora 22 : webkitgtk4-2.12.1-1.fc22 (2016-ac1dff014c)
Highlights in 2.12.0: Enable FTL by default in JavaScriptCore for x8664. Network process is now used unconditionally. The shared secondary process model is now the same as using the multiple process model and setting a process limit of 1. Switch to use overlay scrollbars like all other GTK+ widge...
[SECURITY] Fedora 22 Update: webkitgtk4-2.12.1-1.fc22
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
[SECURITY] Fedora 23 Update: webkitgtk4-2.12.1-1.fc23
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
CVE-2016-1916
Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a...
Cross site scripting
Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a...
CVE-2016-1916
Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a...
Fedora 24 : webkitgtk4-2.12.1-1.fc24 (2016-73c0897e5e)
Highlights in 2.12.0: Enable FTL by default in JavaScriptCore for x8664. Network process is now used unconditionally. The shared secondary process model is now the same as using the multiple process model and setting a process limit of 1. Switch to use overlay scrollbars like all other GTK+ widge...
[SECURITY] Fedora 24 Update: webkitgtk4-2.12.1-1.fc24
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...