6683 matches found
USN-2438-1: NVIDIA graphics drivers vulnerabilities
It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation...
USN-2438-1 nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-331, nvidia-graphics-drivers-331-updates vulnerabilities
It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation...
CVE-2014-8298
The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service segmentation fault...
DEBIAN-CVE-2014-8298
The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service segmentation fault...
Server side request forgery (ssrf)
The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service segmentation fault...
CVE-2014-8298
The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service segmentation fault...
UBUNTU-CVE-2014-8298
The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service segmentation fault...
PT-2014-1854 · Xorg +5 · Xorg-X11-Server +14
Name of the Vulnerable Software and Affected Versions: xorg-x11-server versions 1.15.0 through 1.16.x before 1.16.3 xorg-x11-server-Xdmx version 1.15.0 xorg-x11-server-Xnest version 1.15.0 xorg-x11-server-Xephyr version 1.15.0 xorg-x11-server-source version 1.15.0 xorg-x11-server-debuginfo versio...
xserver -- multiple issue with X client request handling
Alan Coopersmith reports: Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way the X server code base handles requests from X clients, and has worked with X.Org's security team to analyze, confirm, and fix these issues. The vulnerabilities cou...
UBUNTU-CVE-2014-8103
X.Org Server aka xserver and xorg-server 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service out-of-bounds read or write or possibly execute arbitrary code via a crafted length or index value to the 1 sprocdri3queryversion, 2 sprocdri3open, 3...
UBUNTU-CVE-2014-8094
Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server aka xserver and xorg-server 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service crash or possibly execute arbitrary code via a crafted request, which triggers an...
NVIDIA UNIX driver -- remote denial of service or arbitrary code execution
NVIDIA Unix security team reports: The GLX indirect rendering support supplied on NVIDIA products is subject to the recently disclosed X.Org vulnerabilities CVE-2014-8093, CVE-2014-8098 as well as internally identified vulnerabilities CVE-2014-8298. Depending on how it is configured, the X server...
CVE-2014-8958
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database, 2 table, or 3 column name that is improperly handled during...
MGASA-2014-0480 Updated kdebase4-workspace packages fix security vulnerability and various bugs
This update fixes a security vulnerability in the KDE workspace configuration module for setting the date and time CVE-2014-8651, mga14578, and fixes some additional issues: - fix foreground color for GTK2 menus bko127861, - improve contrast for rendering checkbox marks, arrows, etc. bko337433, -...
Apple Mac OSX Safari 8.0 - Crash (PoC)
Apple Mac OSX Safari 8.0 - Crash PoC @w3bd3vil svg padding-top: 1337%; box-sizing: border-box; 0x7fff8ab10282: jae 0x7fff8ab1028c ; pthreadkill + 20 0x7fff8ab10284: movq %rax, %rdi 0x7fff8ab10287: jmp 0x7fff8ab0bca3 ; cerrornocancel 0x7fff8ab1028c: retq lldb register read General Purpose Register...
openSUSE Security Update : chromium (openSUSE-SU-2014:1378-1)
Update to Chromium 38.0.2125.101 This update includes 159 security fixes, including 113 relatively minor fixes. Highlighted securtiy fixes are: CVE-2014-3188: A combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox CVE-2014-3189: Out-of-bounds read in PDFium...
openSUSE Security Update : firefox / mozilla-nspr / mozilla-nss (openSUSE-SU-2014:1344-1)
update to Firefox 33.0 bnc900941 New features : - OpenH264 support sandboxed - Enhanced Tiles - Improved search experience through the location bar - Slimmer and faster JavaScript strings - New CSP Content Security Policy backend - Support for connecting to HTTP proxy over HTTPS - Improved...
openSUSE Security Update : firefox / mozilla-nspr / mozilla-nss and seamonkey (openSUSE-SU-2014:1345-1)
update to Firefox 33.0 bnc900941 New features : - OpenH264 support sandboxed - Enhanced Tiles - Improved search experience through the location bar - Slimmer and faster JavaScript strings - New CSP Content Security Policy backend - Support for connecting to HTTP proxy over HTTPS - Improved...
[SECURITY] Fedora 21 Update: webkitgtk3-2.4.7-1.fc21
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
[SECURITY] Fedora 21 Update: webkitgtk4-2.6.2-1.fc21
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...