6682 matches found
Google Chrome rendering未明释放后使用漏洞
CVE ID:CVE-2014-1722 Google Chrome是一款流行的WEB浏览器。 Google Chrome中相关rendering存在释放后使用漏洞,允许攻击者利用漏洞构建恶意WEB页诱使用户解析,可使应用程序崩溃或执行任意代码。 0 Google Chrome 33.0.1750.154 Google Chrome 33.0.1750.152 Google Chrome 34.0.1847.116已经修复该漏洞,建议用户下载更新: https://www.google.com/chrome/...
UBUNTU-CVE-2014-1722
Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...
IBM WebSphere Portal 8.0.0.1 CF11 Multiple XSS
The version of IBM WebSphere Portal on the remote host is affected by multiple cross-site scripting XSS vulnerabilities : - An XSS vulnerability exists in the Web Content Manager user interface. CVE-2014-0828 - An XSS vulnerability exists in the Social Rendering feature of the IBM Connections...
Microsoft Windows Graphics Rendering Engine Code Execution (MS07-046) - Ver2 (CVE-2007-3034)
The Windows Metafile WMF is a standard Windows image file format. It consists of a set of graphics functions and parameters that describe the steps required to render an image. WMF is a 16-bit format that can contain both vector and bitmap information. A WMF file contains a main header, followed ...
SeaMonkey Multiple Vulnerabilities-01 (Mar 2014) - Mac OS X
SeaMonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:seamonkey"; ifdescription...
Mozilla: Information disclosure through polygon rendering in MathML (MFSA 2014-26)
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...
Mozilla: Memory corruption in Cairo during PDF font rendering (MFSA 2014-27)
Buffer overflow in the cairotruetypeindextoucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF docume...
CVE-2014-1508
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...
CVE-2014-1508
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...
Mozilla: Information disclosure through polygon rendering in MathML (MFSA 2014-26)
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...
CVE-2014-1508
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...
CVE-2014-1502
The 1 WebGL.compressedTexImage2D and 2 WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors...
Information disclosure through polygon rendering in MathML — Mozilla
Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory...
Memory corruption in Cairo during PDF font rendering — Mozilla
Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service DOS. This issues is not able to be triggered in a default...
WebGL content injection from one domain to rendering in another — Mozilla
Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site's WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to...
JSON-RPC API allows anonymous content rendering
The renderContent method can be used by anonymous users, leaking information, and allowing macro execution. Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?...
JSON-RPC API allows anonymous content rendering
The renderContent method can be used by anonymous users, leaking information, and allowing macro execution. Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?...
JSON-RPC API allows anonymous content rendering
The renderContent method can be used by anonymous users, leaking information, and allowing macro execution. Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?...
[SECURITY] Fedora 20 Update: freetype-2.5.0-5.fc20
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...
MGASA-2014-0121 Updated chromium-browser-stable package fixes security vulnerabilities
Use-after-free in svg images CVE-2013-6663. Use-after-free in speech recognition CVE-2013-6664. Heap buffer overflow in software rendering CVE-2013-6665. Chrome allows requests in flash header request CVE-2013-6666. Various fixes from internal audits, fuzzing and other initiatives CVE-2013-6667...