Lucene search
K

6685 matches found

Atlassian
Atlassian
added 2015/09/01 2:42 p.m.23 views

change fontset 'icons' to html entities to improve security compliance

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-38988. panel It seems that the icons in Confluence are currently rendered using fontset. This can be an issue for organization...

Exploits0Affected Software1
Hacker One
Hacker One
added 2015/08/27 12:9 a.m.17 views

Phabricator: Dashboard panel embedded onto itself causes a denial of service

I know this may not qualify for a bounty since it's a DoS, but I believe you'd rather get sensitive reports through HackerOne rather than Maniphest. PS: mongoose. Steps to reproduce ================ In Dashboards, create a new Text Panel let's say it would get the object reference W1 on creation...

0.2AI score
Exploits0
OSV
OSV
added 2015/08/27 12:0 a.m.2 views

UBUNTU-CVE-2015-4497

Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets CSS toke...

10CVSS7.7AI score0.08007EPSS
Exploits0References4
CNVD
CNVD
added 2015/08/19 12:0 a.m.2 views

Apple OS X History Search Vulnerability

Apple OS X is a BSD-based operating system distributed by Apple. Apple OS X Quicklook has a security vulnerability that allows local users to search for previously viewed visited WEB sites, launch a WEB browser, and render WEB sites...

4.3CVSS6.4AI score0.01728EPSS
Exploits0References1
exploitpack
exploitpack
added 2015/08/19 12:0 a.m.14 views

Flash - Issues in DefineBitsLossless and DefineBitsLossless2 Leads to Using Uninitialized Memory

Flash - Issues in DefineBitsLossless and DefineBitsLossless2 Leads to Using Uninitialized Memory Source: https://code.google.com/p/google-security-research/issues/detail?id=326&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for:...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2015/08/19 12:0 a.m.25 views

Flash - Issues in DefineBitsLossless and DefineBitsLossless2 Leads to Using Uninitialized Memory

Source: https://code.google.com/p/google-security-research/issues/detail?id=326&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=475018 Credit is to bilou, working with the Chromium Vulnerability Rewards...

7.4AI score
Exploits0
Fedora
Fedora
added 2015/08/18 5:18 a.m.14 views

[SECURITY] Fedora 22 Update: webkitgtk4-2.8.5-1.fc22

WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...

1.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/08/18 12:0 a.m.17 views

Fedora 22 : webkitgtk4-2.8.5-1.fc22 (2015-13001)

WebKitGTK+ 2.8.5 includes fixes for 3 security issues. Additional fixes : - Fix the window size reported when the web view isn't realized yet. This fixes the layout of some websites when opening new tabs in the browser and anchor links when opened in new tabs too. - Prevent clipboard contents fro...

5.5AI score
Exploits0References1
NVD
NVD
added 2015/08/15 12:59 a.m.17 views

CVE-2015-2455

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1,...

9.3CVSS7.3AI score0.37429EPSS
Exploits2References4
Metasploit
Metasploit
added 2015/08/14 5:7 p.m.59 views

Firefox PDF.js Browser File Theft

This module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses Javascript to render a PDF inside a frame with privileges to read local files...

8.8CVSS8.2AI score0.70226EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2015/08/13 12:0 a.m.33 views

SUSE SLED12 / SLES12 Security Update : libqt4 (SUSE-SU-2015:1359-1)

The libqt4 library was updated to fix several security and non security issues. The following vulnerabilities were fixed : - bsc921999: CVE-2015-0295: division by zero when processing malformed BMP files - bsc927806: CVE-2015-1858: segmentation fault in BMP Qt Image Format Handling - bsc927807:...

6.8CVSS6.9AI score0.08736EPSS
Exploits0References15
securityvulns
securityvulns
added 2015/07/27 12:0 a.m.60 views

XSS vulnerability in OFBiz forms

https://issues.apache.org/jira/browse/OFBIZ-6506 In Ofbiz form need to escape characters from description column in a display-entity tag to avoid XSS attacks. display-entity entity-name="Table" description="$description" I tried to use bsh, as following: display-entity entity-name="Table"...

0.2AI score
Exploits0
Fedora
Fedora
added 2015/07/21 8:21 a.m.18 views

[SECURITY] Fedora 22 Update: php-horde-Horde-Form-2.0.10-1.fc22

The HordeForm package provides form rendering, validation, and other functionality for the Horde Application Framework...

1.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/07/20 12:0 a.m.22 views

Fedora 22 : webkitgtk4-2.8.4-2.fc22 (2015-11395)

WebKitGTK+ 2.8.4 includes fixes for 12 security issues. Additional fixes : - Make WebSQL work by using a default quota instead of always failing in openDatabase with DOM Exception 18. - Improve detection and usage of GL/GLES/EGL libraries. - Fix a crash on memory allocation using bmalloc on 32bit...

5.5AI score
Exploits0References2
Fedora
Fedora
added 2015/07/18 2:2 a.m.12 views

[SECURITY] Fedora 22 Update: webkitgtk4-2.8.4-2.fc22

WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...

1.8AI score
Exploits0
Hacker One
Hacker One
added 2015/06/25 6:21 a.m.11 views

ThisData: Xss via Dropbox

ThisData formerly Revert provides the ability to backup Dropbox files. File names were rendered within the app in an unescaped manner, meaning if you could get Dropbox to accept a file with a name like ".png you could XSS Revert's backup rendering screen...

1.5AI score
Exploits0
myhack58
myhack58
added 2015/06/05 12:0 a.m.31 views

Android image parsing heap overflow vulnerability analysis(CVE-2 0 1 5-1 5 3 2)-vulnerability warning-the black bar safety net

Recently Google disclosed a year 1 month update of the vulnerability. This vulnerability to fix a exist in Android5. 1 version the following picture rendering problems, you can view the related link. 9patch is the Android on a unique kind of Picture format, that is, in the ordinary png images of...

0.7AI score
Exploits0
Cvelist
Cvelist
added 2015/05/20 10:0 a.m.20 views

CVE-2015-1262

platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text...

6.9AI score0.01576EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2015/05/20 12:0 a.m.18 views

CVE-2015-1262

platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text...

7.5CVSS7.2AI score0.01576EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/05/20 12:0 a.m.17 views

SUSE SLED11 Security Update : lcms2 (SUSE-SU-2013:1250-1)

lcms2 has been updated to the version 2.5 which is a maintenance release to fix various security and other bugs. - User defined parametric curves can now be saved in ICC profiles. - RGB profiles using same tone curves for several channels are storing now only one copy of the curve - update black...

5.5AI score
Exploits0References3
Rows per page
Query Builder