6681 matches found
[SECURITY] Fedora 23 Update: webkitgtk4-2.10.9-1.fc23
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
The vulnerability of Firefox ESR, the rendering software Graphite 2, and the Thunderbird email client, which allows a hacker to trigger a service failure or obtain confidential information.
The vulnerability of the TtfUtil:LocaLookup function in the Firefox ESR browser, the Graphite 2 rendering software, and the Thunderbird email client is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to obtain confidential information ...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.
The vulnerability in the WebKit/Source/core/layout/LayoutBlock.cpp function of the Google Chrome browser’s Blink kernel exists due to insufficient checking of input data. Exploiting this vulnerability can allow an attacker to cause a service failure the appearance of a “Assertion failure” window ...
Mozilla Thunderbird < 38.4 Multiple Vulnerabilities
Binary data 9151.prm...
openSUSE Security Update : webkit2gtk3 (openSUSE-2016-340)
This update for webkit2gtk3 fixes the following issues : - Update to version 2.10.7 : + Fix the build with GTK+ 3.16. - Changes from version 2.10.6 : + Fix a deadlock in the Web Process when JavaScript garbage collector was running for a web worker thread that made google maps to hang. + Fix medi...
rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix
A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code...
USN-2927-1: graphite2 vulnerabilities
It was discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially- crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary...
Debian DSA-3515-1 : graphite2 - security update
Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
[SECURITY] [DSA 3515-1] graphite2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3515-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 13, 2016 https://www.debian.org/security/faq -...
CVE-2016-2797
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart...
Debian Security Advisory DSA 3515-1 (graphite2 - security update)
Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. OpenVAS Vulnerability Test $Id: deb3515.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from...
DSA-3515-1 graphite2 - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3515-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 3509-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3509-1 [email protected] https://www.debian.org/security/ Luciano Bello March 09, 2016 https://www.debian.org/security/faq -...
Google Updates Chrome, Fixes Three High Severity Issues
Google pushed out the latest version of its flagship browser Chrome on Tuesday, fixing three high severity bugs in the process. The update graduates the browser to version number 49.0.2623.87 for Windows, Mac, and Linux, according to a post on Google’s Chrome Releases blog this week. Two of the...
Google Chrome < 49.0.2623.87 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 49.0.2623.87. It is, therefore, affected by multiple vulnerabilities as referenced in the 201603stable-channel-update8 advisory. - Multiple integer signedness errors in the opjj2kupdateimagedata function in j2k.c in...
Google Chrome < 49.0.2623.87 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 49.0.2623.87. It is, therefore, affected by multiple vulnerabilities as referenced in the 201603stable-channel-update8 advisory. - Multiple integer signedness errors in the opjj2kupdateimagedata function in j2k.c in...
USN-2904-1 thunderbird vulnerabilities
Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. CVE-2015-7575 Yves Younan discovered that...
CVE-2016-2797
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart...
Local file overwriting and potential privilege escalation through CSP reports — Mozilla
Security researcher Nicolas Golubovic reported that a malicious page can overwrite files on the user's machine using Content Security Policy CSP violation reports. The file contents are restricted to the JSON format of the report. In many cases overwriting a local file may simply be destructive,...