Lucene search
K

6682 matches found

OSV
OSV
added 2016/06/05 11:59 p.m.2 views

UBUNTU-CVE-2016-1685

core/fxge/ge/fxgetext.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service out-of-bounds read via a crafted PDF document...

6.5CVSS7AI score0.0128EPSS
Exploits0References3
Fedora
Fedora
added 2016/05/28 11:55 p.m.30 views

[SECURITY] Fedora 23 Update: webkitgtk4-2.12.3-1.fc23

WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...

8.8CVSS1.8AI score0.02905EPSS
Exploits0
Fedora
Fedora
added 2016/05/26 5:35 p.m.29 views

[SECURITY] Fedora 24 Update: webkitgtk4-2.12.3-1.fc24

WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...

8.8CVSS1.8AI score0.02905EPSS
Exploits0
Fedora
Fedora
added 2016/05/24 1:40 a.m.24 views

[SECURITY] Fedora 23 Update: imlib2-1.4.9-1.fc23

Imlib 2 is a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon support, etc. It does ALL of these operations FAST. Imlib2 also tries to be highly intelligent about doing them, so writing naive programs can be done easily, without sacrificing...

9.8CVSS1.4AI score0.05839EPSS
Exploits0
Fedora
Fedora
added 2016/05/23 8:26 p.m.27 views

[SECURITY] Fedora 24 Update: imlib2-1.4.9-1.fc24

Imlib 2 is a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon support, etc. It does ALL of these operations FAST. Imlib2 also tries to be highly intelligent about doing them, so writing naive programs can be done easily, without sacrificing...

9.8CVSS1.4AI score0.05839EPSS
Exploits0
FreeBSD
FreeBSD
added 2016/05/20 12:0 a.m.13 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: Security fixes: T122056: Old tokens are remaining valid within a new session T127114: Login throttle can be tricked using non-canonicalized usernames T123653: Cross-domain policy regexp is too narrow T123071: Incorrectly identifying http link in a's href attributes, due to m...

2.4AI score
Exploits0References1
CNVD
CNVD
added 2016/05/16 12:0 a.m.4 views

Google Chrome TreeScope::adoptIfNeeded function homology policy bypass vulnerability

Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. A same-origin policy bypass vulnerability exists in the 'TreeScope::adoptIfNeeded' function in the WebKit/Source/core/dom/TreeScope.cpp file in...

8.8CVSS9AI score0.02088EPSS
Exploits1References1
exploitpack
exploitpack
added 2016/05/06 12:0 a.m.12 views

Adobe Flash (Multiple Scripts) - Use-After-Free When Rendering Displays (2)

Adobe Flash Multiple Scripts - Use-After-Free When Rendering Displays 2 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=719 There is a use-after-free that appears to be related to rendering the display based on multiple scripts. A PoC is attached, tested on Windows only. Note th...

0.5AI score
Exploits0
0day.today
0day.today
added 2016/05/06 12:0 a.m.48 views

Adobe Flash - Use-After-Free When Rendering Displays From Multiple Scripts (2)

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=719 There is a use-after-free that appears to be related to rendering the display based on multiple scripts. A PoC is attached, tested on Windows only. Note the PoC is somewhat...

10CVSS0.4AI score0.2281EPSS
Exploits2
Exploit DB
Exploit DB
added 2016/05/06 12:0 a.m.23 views

Adobe Flash (Multiple Scripts) - Use-After-Free When Rendering Displays (2)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=719 There is a use-after-free that appears to be related to rendering the display based on multiple scripts. A PoC is attached, tested on Windows only. Note the PoC is somewhat unreliable on some browsers, sometimes it needs to...

7.4AI score
Exploits0
Ubuntu
Ubuntu
added 2016/05/02 4:58 p.m.55 views

USN-2958-1: poppler vulnerabilities

It was discovered that the poppler pdfseparate tool incorrectly handled certain filenames. A local attacker could use this issue to cause the tool to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS. CVE-2013-4473,...

9.3CVSS7.8AI score0.10483EPSS
Exploits1
OpenVAS
OpenVAS
added 2016/05/01 12:0 a.m.26 views

Debian Security Advisory DSA 3563-1 (poppler - security update)

It was discovered that a heap overflow in the Poppler PDF library may result in denial of service and potentially the execution of arbitrary code if a malformed PDF file is opened. OpenVAS Vulnerability Test $Id: deb3563.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA...

9.3CVSS0.1AI score0.04557EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/04/27 12:0 a.m.23 views

Fedora 22 : webkitgtk4-2.12.1-1.fc22 (2016-ac1dff014c)

Highlights in 2.12.0: Enable FTL by default in JavaScriptCore for x8664. Network process is now used unconditionally. The shared secondary process model is now the same as using the multiple process model and setting a process limit of 1. Switch to use overlay scrollbars like all other GTK+ widge...

5.5AI score
Exploits0References1
Fedora
Fedora
added 2016/04/25 10:22 p.m.14 views

[SECURITY] Fedora 22 Update: webkitgtk4-2.12.1-1.fc22

WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...

1.8AI score
Exploits0
Fedora
Fedora
added 2016/04/24 5:23 a.m.12 views

[SECURITY] Fedora 23 Update: webkitgtk4-2.12.1-1.fc23

WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...

1.8AI score
Exploits0
NVD
NVD
added 2016/04/22 6:59 p.m.11 views

CVE-2016-1916

Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a...

5.4CVSS5.3AI score0.00802EPSS
Exploits0References2
Prion
Prion
added 2016/04/22 6:59 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a...

3.5CVSS5.7AI score0.00802EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/04/22 6:0 p.m.15 views

CVE-2016-1916

Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a...

5.3AI score0.00802EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/04/22 12:0 a.m.21 views

Fedora 24 : webkitgtk4-2.12.1-1.fc24 (2016-73c0897e5e)

Highlights in 2.12.0: Enable FTL by default in JavaScriptCore for x8664. Network process is now used unconditionally. The shared secondary process model is now the same as using the multiple process model and setting a process limit of 1. Switch to use overlay scrollbars like all other GTK+ widge...

5.5AI score
Exploits0References1
Fedora
Fedora
added 2016/04/20 3:29 p.m.13 views

[SECURITY] Fedora 24 Update: webkitgtk4-2.12.1-1.fc24

WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...

1.8AI score
Exploits0
Rows per page
Query Builder