Lucene search

6683 matches found

Prion
added 2015/01/04 9:59 p.m. | 24 views

Code injection

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via...

4.3 CVSS | 7.2 AI score | 0.01724 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2015/01/04 9:0 p.m. | 31 views

CVE-2014-9508

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via...

6.6 AI score | 0.01724 EPSS
Exploits 1 | References 2

Cvelist
added 2015/01/04 9:0 p.m. | 29 views

CVE-2014-9509

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a...

6.7 AI score | 0.01496 EPSS
Exploits 1 | References 1

CVE
added 2015/01/04 9:0 p.m. | 51 views

CVE-2014-9509

CVE-2014-9509 affects TYPO3: the frontend rendering component in TYPO3 4.5.x (before 4.5.39), 4.6.x–6.2.x (before 6.2.9), and 7.x (before 7.0.2). When config.prefixLocalAnchors is set to all or cached, remote attackers can trigger a cache-poisoning scenario by crafting a URL with arbitrary argume...

7.5 CVSS | 6.9 AI score | 0.01496 EPSS
Exploits 1 | References 1 | Affected Software 1

CVE
added 2015/01/04 9:0 p.m. | 62 views

CVE-2014-9508

TYPO3 Open Redirect/Link Spoofing vulnerability CVE-2014-9508 affects the frontend rendering component. Affected: TYPO3 4.5.x before 4.5.39, 4.6.x–6.2.x before 6.2.9, and 7.x before 7.0.2. Condition: config.prefixLocalAnchors enabled with an anchor-only homepage; attacker can modify anchor-only l...

4.3 CVSS | 6.7 AI score | 0.01724 EPSS
Exploits 1 | References 2 | Affected Software 1

Fedora
added 2015/01/03 7:5 p.m. | 56 views

[SECURITY] Fedora 20 Update: freetype-2.5.0-7.fc20

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...

7.5 CVSS | 1.5 AI score | 0.06224 EPSS
Exploits 3

Tenable Nessus
added 2015/01/02 12:0 a.m. | 27 views

Fedora 20 : mingw-freetype-2.5.4-1.fc20 (2014-17580)

Update to 2.5.4. Updated subpixel rendering patch to 2.5.3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5 CVSS | 5.8 AI score | 0.06224 EPSS
Exploits 1 | References 4

Tenable Nessus
added 2015/01/02 12:0 a.m. | 32 views

Fedora 21 : mingw-freetype-2.5.4-1.fc21 (2014-17550)

Update to 2.5.4. Updated subpixel rendering patch to 2.5.3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

7.5 CVSS | 5.8 AI score | 0.06224 EPSS
Exploits 1 | References 4

The Hacker News
added 2014/12/30 1:7 a.m. | 17 views

Microsoft Could Kill Internet Explorer; New Spartan Browser Coming Soon

Bad News for Internet Explorer fans, if any! Microsoft's almost 20 years old Web browser with a big blue E sign might soon be a thing of the past. With the arrival of Windows 10, probably by next fall, Microsoft could come up with its brand new browser that’s more similar to Mozilla's Firefox and...

6.6 AI score
Exploits 0

Check Point Advisories
added 2014/12/28 12:0 a.m. | 4 views

Microsoft Graphics Rendering Engine Thumbnail Image Stack Buffer Overflow - Ver2 (CVE-2010-3970)

Thumbnails are reduced-size versions of pictures, used to help in recognizing and organizing them, serving the same role for images as a normal text index does for words. A stack buffer overflow vulnerability has been discovered in Microsoft's Graphics Rendering Engine. The vulnerability is due t...

9.3 CVSS | 0.7 AI score | 0.67687 EPSS
Exploits 10

UbuntuCve
added 2014/12/26 2:59 a.m. | 26 views

CVE-2011-1798

rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown oth...

7.5 CVSS | 5.9 AI score | 0.01081 EPSS
Exploits 0 | References 4

Fedora
added 2014/12/23 6:31 p.m. | 39 views

[SECURITY] Fedora 21 Update: freetype-2.5.3-13.fc21

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...

7.5 CVSS | 1.5 AI score | 0.06224 EPSS
Exploits 1

Packet Storm
added 2014/12/22 12:0 a.m. | 88 views

eBay.com ocsnext CSS Injection

Exploit Title: eBay.com ocsnext sub-domain Reflected CSS injection Date: 20/12/2014 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ebay.com Version: / Category: Reflected CSS injection Google dork: Tested on: eBay.com ocsnext sub-domain Adobe description :...

7.4 AI score
Exploits 0

Tenable Nessus
added 2014/12/18 12:0 a.m. | 28 views

openSUSE Security Update : seamonkey (openSUSE-SU-2014:1655-1)

seamonkey was updated to version 2.31 to fix 20 security issues. These security issues were fixed:
- Miscellaneous memory safety hazards (CVE-2014-1587, CVE-2014-1588).
- XBL bindings accessible via improper CSS declarations (CVE-2014-1589).
- XMLHttpRequest crashes with some input streams...

7.5 CVSS | 7.7 AI score | 0.0527 EPSS
Exploits 1 | References 25

Tenable Nessus
added 2014/12/15 12:0 a.m. | 42 views

FreeBSD : xserver -- multiple issue with X client request handling (27b9b2f0-8081-11e4-b4ca-bcaec565249c)

Alan Coopersmith reports : Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way the X server code base handles requests from X clients, and has worked with X.Org's security team to analyze, confirm, and fix these issues. The vulnerabilities...

6.5 CVSS | 6.5 AI score | 0.05192 EPSS
Exploits 0 | References 14

Tenable Nessus
added 2014/12/15 12:0 a.m. | 35 views

Ubuntu 14.04 LTS : NVIDIA graphics drivers vulnerabilities (USN-2438-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2438-1 advisory. It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either...

7.5 CVSS | 7.4 AI score | 0.05192 EPSS
Exploits 0 | References 4

ArchLinux
added 2014/12/12 12:0 a.m. | 37 views

nvidia: arbitrary code execution

It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation...

7.5 CVSS | 6.1 AI score | 0.05192 EPSS
Exploits 0 | References 4

ArchLinux
added 2014/12/12 12:0 a.m. | 49 views

nvidia-304xx: arbitrary code execution

It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation...

7.5 CVSS | 5.8 AI score | 0.05192 EPSS
Exploits 0 | References 4

ArchLinux
added 2014/12/12 12:0 a.m. | 50 views

nvidia-340xx: arbitrary code execution

It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation...

7.5 CVSS | 5.8 AI score | 0.05192 EPSS
Exploits 0 | References 4

RedHat Linux
added 2014/12/11 7:41 p.m. | 2 views

xorg-x11-server: out of bounds access due to not validating length or offset values in DRI3 & Present extensions

Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...

6.5 CVSS | 7.1 AI score | 0.03379 EPSS
Exploits 0 | References 5