6682 matches found
HTML does not render in Project Description
If you enter HTML into the project description it does not get rendered. Reproduced this on a clean 6.3.8 instance. Looks like this has happened in the past: https://jira.atlassian.com/browse/JRA-20032 https://jira.atlassian.com/browse/JRA-15906 Regression? Or possibly a different root cause?...
HTML does not render in Project Description
If you enter HTML into the project description it does not get rendered. Reproduced this on a clean 6.3.8 instance. Looks like this has happened in the past: https://jira.atlassian.com/browse/JRA-20032 https://jira.atlassian.com/browse/JRA-15906 Regression? Or possibly a different root cause?...
Google Chrome Multiple Vulnerabilities - 01 (Oct 2014) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Google Chrome Multiple Vulnerabilities - 01 (Oct 2014) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
CVE-2014-1580
Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element...
Firefox < 33.0 Multiple Vulnerabilities
The version of Firefox installed on the remote Windows host is a version prior to 33.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary...
CVE-2014-1580
Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element...
Further uninitialized memory use during GIF rendering — Mozilla
Google security researcher Michal Zalewski reported that when a malformed GIF image is repeatedly rendered within a element, memory may not always be properly initialized. The resulting series of images then uses this uninitialized memory during rendering, allowing data to potentially leak to web...
Design/Logic Flaw
core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar...
CVE-2014-3201
Removed by vendor...
Google Fixes 159 Flaws in Chrome
Google updates its Chrome browser on a very aggressive timeline, often a couple of times a month. Usually, each update includes a handful of security fixes, maybe 12 or 15. On Tuesday, the company released Chrome 38, which patched a staggering 159 vulnerabilities. The huge majority of those...
FreeBSD : chromium -- multiple vulnerabilities (d2bbcc01-4ec3-11e4-ab3f-00262d5ed8ee)
Google Chrome Releases reports : 159 security fixes in this release, including 113 found using MemorySanitizer : - 416449 Critical CVE-2014-3188: A special thanks to Juri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox. - 398384 High...
"Recently updated" plugin can be used to reflect arbitrary static content to browser
This request: noformat /plugins/recently-updated/changes.action?theme=XXXXXXXX noformat results in the response: noformat HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: no-cache, must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT X-Confluence-Request-Time: 1412654577325...
Google Chrome < 38.0.2125.101 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is a version prior to 37.0.2062.94. It is, therefore, affected by the following vulnerabilities : - A flaw exists in V8 and IPC that can lead to remote code execution. CVE-2014-3188 - Out-of-bounds read errors exist in PDFium. CVE-2014-318...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the 1 table search...
CVE-2014-7217
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the 1 table search...
Ubuntu 14.04 LTS : Thunderbird vulnerabilities (USN-2330-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2330-1 advisory. Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in...
USN-2330-1: Thunderbird vulnerabilities
Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to...
USN-2330-1 thunderbird vulnerabilities
Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to...
Google Chrome < 37.0.2062.120 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is a version prior to 37.0.2062.120. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists related to rendering that allows a remote attacker to execute arbitrary code. CVE-2014-3178 - Unspecified...