6684 matches found
Google Chrome < 41.0.2272.76 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 41.0.2272.76. It is, therefore, affected by multiple vulnerabilities as referenced in the 201503stable-channel-update advisory. - Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM...
Stable Channel Update
The Chrome team is delighted to announce the promotion of Chrome 41 to the stable channel for Windows, Mac and Linux. Chrome 41.0.2272.76 contains a number of fixes and improvements, including: A number of new apps/extension APIs Lots of under the hood changes for stability and performance A list...
SUSE-SU-2015:0463-1 Security update for freetype2
The font rendering library freetype2 has been updated to fix various security issues. Security Issues: CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9667 CVE-2014-9666 CVE-2014-9665 CVE-2014-9664 CVE-2014-9663 CVE-2014-9659 CVE-2014-9668 CVE-2014-966...
Out-of-bounds read and write while rendering SVG content — Mozilla
Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to report an out-of-bounds read and an out-of-bounds write when rendering an improperly formatted SVG graphic. This could potentially allow the attacker to read uninitialized memory...
[SECURITY] Fedora 20 Update: freetype-2.5.0-9.fc20
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...
[SECURITY] Fedora 21 Update: freetype-2.5.3-15.fc21
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...
Vulnerability tracking: latest IE UXSS vulnerability technical analysis-vulnerability warning-the black bar safety net
This article is a brief analysis about the vulnerability of the principle. Attack process top0. eval'=top1;alert;. location="javascript:alertdocument. domain"'; poc in the first iframe the use of a 3 0 2 jump, jump to the target domain, the second one the iframe is also loading the target domain ...
UBUNTU-CVE-2014-4467
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site...
Apple MAC OS X Yosemite Lock Screen Bypass Vulnerability
Apple MAC OS X Yosemite is the latest operating system developed by Apple. Apple MAC OS X Yosemite suffers from a security vulnerability in the way it handles lock screen rendering, which allows attackers to exploit the vulnerability so that the MAC does not lock immediately upon wakeup...
UBUNTU-CVE-2015-1360
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and...
CVE-2014-7925
Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improper...
UBUNTU-CVE-2014-7945
OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service out-of-bounds read via a crafted PDF document, related to j2k.c, jp2.c, and t2.c...
CVE-2014-7925
CVE-2014-7925 affects Blink’s WebAudio: a use-after-free in the audio-rendering thread can allow a remote attacker to cause a denial of service, with possible other impact. Evidence across multiple advisories shows Chrome/Blink remediation via upgrade to a fixed Chrome version (40.0.2214.91/111 d...
CVE-2014-7925
Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improper...
CVE-2014-7925
Removed by vendor...
CVE-2014-7925
Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improper...
Mozilla Firefox/SeaMonkey Bitmap Rendering Information Disclosure Vulnerability
Firefox/SeaMonkey is a web browser and newsgroup client released by Mozilla. An information disclosure vulnerability exists in Mozilla Firefox/SeaMonkey, which can be exploited by attackers to obtain sensitive information or launch further attacks...
Uninitialized memory use during bitmap rendering — Mozilla
Google security researcher Michal Zalewski reported that when a malformed bitmap image is rendered by the bitmap decoder within a element, memory may not always be properly initialized. The resulting image then uses this uninitialized memory during rendering, allowing data to potentially leak to...
[SECURITY] Fedora 21 Update: webkitgtk-2.4.8-1.fc21
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform...
Updated nvidia packages fix security vulnerabilities
Updated nvidia304 and nvidia-current drivers fixes security issues: The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allo...