6682 matches found
FreeBSD : chromium -- multiple vulnerabilities (b4023753-a4ba-11e3-bec2-00262d5ed8ee)
Google Chrome Releases reports : 19 vulnerabilities fixed in this release, including : - 344492 High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG. - 326854 High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani. - 337882 High CVE-2013-666...
Google Fixes Nearly 20 Bugs in Chrome 33
Google has fixed 19 security flaws in its Chrome browser, including more than a dozen high-risk bugs. The company paid out $3,500 in rewards to security researchers who reported flaws. Two of the high-risk vulnerabilities fixed in Chrome 33 are use-after-free flaws, one in SVG images and the othe...
Google Chrome < 33.0.1750.146 Multiple Vulnerabilities (Mac OS X)
The version of Google Chrome installed on the remote Mac OS X host is a version prior to 33.0.1750.146. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to handling SVG images and speech recognition processing. CVE-2013-6663, CVE-2013-6664 - An...
Google Chrome < 33.0.1750.146 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is a version prior to 33.0.1750.146. It is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to handling SVG images and speech recognition processing. CVE-2013-6663, CVE-2013-6664 - An error exis...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 19 vulnerabilities fixed in this release, including: 344492 High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG. 326854 High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani. 337882 High CVE-2013-6665: Heap...
Stable Channel Update
The Stable Channel has been updated to 33.0.1750.146 for Windows, Mac, and Linux. Security Fixes and Rewards This update includes 19 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page fo...
Velocity XSS in $space.name
I got the following email from Ulrich Kuhnhardt (quote): While we were doing some testing with XSS for the shiny new Publishing plugin we found that the velocity renderer does not escape $space.name. To reproduce: Create a space with name 'alert'bang'css'. Create a user macro 'simple-space-name' in...
Content Spoofing in the createrssfeed action
A third-party scan found that the createrssfeed action is vulnerable to content spoofing (https://www.owasp.org/index.php/ContentSpoofing), specifically text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce: 1. go to...
[SECURITY] Fedora 19 Update: mupdf-1.1-5.fc19
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
Pidgin < 2.10.8 Multiple Vulnerabilities
The version of Pidgin installed on the remote host is a version prior to 2.10.8. It is, therefore, potentially affected by the following vulnerabilities : - The bundled version of Pango has an error that can lead to an application crash when rendering fonts and attempting to display certain Unico...
Poppler: Multiple vulnerabilities
Background: Poppler is a cross-platform PDF rendering library originally based on Xpdf. Description: Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to open a specially crafted PDF...
[SECURITY] Fedora 20 Update: poppler-0.24.3-3.fc20
Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC...
Cross site scripting
Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp...
Design/Logic Flaw
IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in ...
Mozilla: Out-of-bounds read in image rendering (MFSA 2013-22)
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image...
[SECURITY] Fedora 18 Update: php-symfony2-Form-2.2.10-1.fc18
Form provides tools for defining forms, rendering and binding request data to related models. Furthermore it provides integration with the Validation component...
Design/Logic Flaw
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a...
CVE-2013-4445
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a...
Fedora Update for poppler FEDORA-2013-20443
Check for the Version of poppler. OpenVAS Vulnerability Test: Fedora Update for poppler FEDORA-2013-20443. Authors: System Generated Check. Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...