Lucene search
K

6682 matches found

seebug.org
seebug.org
added 2014/04/11 12:0 a.m.24 views

Google Chrome rendering未明释放后使用漏洞

CVE ID:CVE-2014-1722 Google Chrome是一款流行的WEB浏览器。 Google Chrome中相关rendering存在释放后使用漏洞,允许攻击者利用漏洞构建恶意WEB页诱使用户解析,可使应用程序崩溃或执行任意代码。 0 Google Chrome 33.0.1750.154 Google Chrome 33.0.1750.152 Google Chrome 34.0.1847.116已经修复该漏洞,建议用户下载更新: https://www.google.com/chrome/...

7.5CVSS0.4AI score0.01358EPSS
Exploits1
OSV
OSV
added 2014/04/09 10:57 a.m.2 views

UBUNTU-CVE-2014-1722

Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...

7.5CVSS7.4AI score0.01358EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2014/04/07 12:0 a.m.27 views

IBM WebSphere Portal 8.0.0.1 CF11 Multiple XSS

The version of IBM WebSphere Portal on the remote host is affected by multiple cross-site scripting XSS vulnerabilities : - An XSS vulnerability exists in the Web Content Manager user interface. CVE-2014-0828 - An XSS vulnerability exists in the Social Rendering feature of the IBM Connections...

4.3CVSS5.6AI score0.01161EPSS
Exploits2References5
Check Point Advisories
Check Point Advisories
added 2014/03/31 12:0 a.m.3 views

Microsoft Windows Graphics Rendering Engine Code Execution (MS07-046) - Ver2 (CVE-2007-3034)

The Windows Metafile WMF is a standard Windows image file format. It consists of a set of graphics functions and parameters that describe the steps required to render an image. WMF is a 16-bit format that can contain both vector and bitmap information. A WMF file contains a main header, followed ...

9.3CVSS7AI score0.54749EPSS
Exploits1
OpenVAS
OpenVAS
added 2014/03/27 12:0 a.m.33 views

SeaMonkey Multiple Vulnerabilities-01 (Mar 2014) - Mac OS X

SeaMonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:seamonkey"; ifdescription...

10CVSS8AI score0.83633EPSS
Exploits22References19
RedHat Linux
RedHat Linux
added 2014/03/19 5:26 p.m.7 views

Mozilla: Information disclosure through polygon rendering in MathML (MFSA 2014-26)

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...

9.1CVSS7AI score0.0427EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/03/19 5:26 p.m.8 views

Mozilla: Memory corruption in Cairo during PDF font rendering (MFSA 2014-27)

Buffer overflow in the cairotruetypeindextoucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF docume...

8.8CVSS7.4AI score0.0503EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2014/03/19 10:55 a.m.9 views

CVE-2014-1508

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...

9.1CVSS7.5AI score0.0427EPSS
Exploits1References15
Cvelist
Cvelist
added 2014/03/19 10:0 a.m.29 views

CVE-2014-1508

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...

9.6AI score0.0427EPSS
Exploits1References14
RedHat Linux
RedHat Linux
added 2014/03/18 8:34 p.m.3 views

Mozilla: Information disclosure through polygon rendering in MathML (MFSA 2014-26)

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...

9.1CVSS7AI score0.0427EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2014/03/18 12:0 a.m.33 views

CVE-2014-1508

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...

9.1CVSS6.9AI score0.0427EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2014/03/18 12:0 a.m.36 views

CVE-2014-1502

The 1 WebGL.compressedTexImage2D and 2 WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors...

6.8CVSS6.9AI score0.01147EPSS
Exploits0References3
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.52 views

Information disclosure through polygon rendering in MathML — Mozilla

Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory...

9.1CVSS8.6AI score0.0427EPSS
Exploits1References3Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.54 views

Memory corruption in Cairo during PDF font rendering — Mozilla

Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service DOS. This issues is not able to be triggered in a default...

8.8CVSS9AI score0.0503EPSS
Exploits1References2Affected Software4
Mozilla
Mozilla
added 2014/03/18 12:0 a.m.36 views

WebGL content injection from one domain to rendering in another — Mozilla

Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site's WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to...

6.8CVSS8.9AI score0.01147EPSS
Exploits0References2Affected Software2
Atlassian
Atlassian
added 2014/03/17 2:18 a.m.29 views

JSON-RPC API allows anonymous content rendering

The renderContent method can be used by anonymous users, leaking information, and allowing macro execution. Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?...

4.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/03/17 2:18 a.m.27 views

JSON-RPC API allows anonymous content rendering

The renderContent method can be used by anonymous users, leaking information, and allowing macro execution. Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?...

4.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/03/17 2:18 a.m.19 views

JSON-RPC API allows anonymous content rendering

The renderContent method can be used by anonymous users, leaking information, and allowing macro execution. Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?...

4.8AI score
Exploits0
Fedora
Fedora
added 2014/03/15 3:12 p.m.37 views

[SECURITY] Fedora 20 Update: freetype-2.5.0-5.fc20

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...

7.5CVSS1.5AI score0.06224EPSS
Exploits3
OSV
OSV
added 2014/03/06 9:52 p.m.12 views

MGASA-2014-0121 Updated chromium-browser-stable package fixes security vulnerabilities

Use-after-free in svg images CVE-2013-6663. Use-after-free in speech recognition CVE-2013-6664. Heap buffer overflow in software rendering CVE-2013-6665. Chrome allows requests in flash header request CVE-2013-6666. Various fixes from internal audits, fuzzing and other initiatives CVE-2013-6667...

7.5CVSS7.7AI score0.05428EPSS
Exploits1References3
Rows per page
Query Builder