6680 matches found
CVE-2012-2900
Removed by vendor...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 138208 High CVE-2012-2900: Crash in Skia text rendering. Credit to Atte Kettunen of OUSPG. 147499 Critical CVE-2012-5108: Race condition in audio device handling. Credit to Atte Kettunen of OUSPG. 148692 Medium CVE-2012-5109: OOB read in ICU regex. Credit to Arthur...
[SECURITY] Fedora 18 Update: blender-2.63a-9.fc18
Blender is the essential software solution you need for 3D, from modeling, animation, rendering and post-production to interactive creation and playback. Professionals and novices can easily and inexpensively publish stand-alone, secure, multi-platform content to the web, CD-ROMs, and other medi...
MS12-063 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability
This module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec function, leading to a use-after-free condition. Please note tha...
Fedora Update for freetype FEDORA-2012-4935
Check for the Version of freetype OpenVAS Vulnerability Test Fedora Update for freetype FEDORA-2012-4935 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Critical: Red Hat Security Advisory: thunderbird security update
An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
IBM Rational ClearQuest 8.0 - Multiple Vulnerabilities
IBM Rational ClearQuest 8.0 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/55125/info IBM Rational ClearQuest is prone to the following security vulnerabilities: 1. An HTML-injection vulnerability. 2. Multiple information-disclosure vulnerabilities. 3. A security-bypass...
IBM Rational ClearQuest 8.0 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/55125/info IBM Rational ClearQuest is prone to the following security vulnerabilities: 1. An HTML-injection vulnerability. 2. Multiple information-disclosure vulnerabilities. 3. A security-bypass vulnerability. Attackers may leverage these issues to obtai...
Stable Channel Update
The Stable channel has been updated to 21.0.1180.75 for Mac, Linux, Windows and Chrome Frame. This build fixes: Flash videos no longer remaining in fullscreen when clicking a secondary monitor while the video is playing (Issue: 140366). Flash video full screen displays on wrong monitor Issue: 13752...
Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/54773/info Barracuda Email Security Service is prone to multiple HTML-injection vulnerabilities because it fails to properly validate user-supplied input. An attacker may leverage these issues to inject hostile HTML and script code that would run in the...
Scientific Linux Security Update : conga on SL5.x i386/x86_64
A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service (CVE-2007-4136). Fixes in this updated package include : - The nodename is now set for manual fencing. - The node log ...
Scientific Linux Security Update : elinks on SL4.x, SL5.x i386/x86_64
CVE-2007-2027 elinks tries to load .po files from a non-absolute path CVE-2008-7224 elinks: entitycache static array buffer overflow off-by-one An off-by-one buffer overflow flaw was discovered in the way ELinks handled its internal cache of string representations for HTML special entities. A...
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20120221)
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could u...
Scientific Linux Security Update : freetype on SL6.x i386/x86_64
It was found that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64
This update fixes the following security issues : - Missing sanity checks in the Intel i915 driver in the Linux kernel could allow a local, unprivileged user to escalate their privileges. (CVE-2010-2962, Important) - compat_alloc_user_space() in the Linux kernel 32/64-bit compatibility layer...
Scientific Linux Security Update : pango on SL3.x, SL4.x, SL5.x i386/x86_64
CVE-2010-0421 libpangoft2 segfaults on forged font files An input sanitization flaw, leading to an array index error, was found in the way the Pango font rendering library synthesized the Glyph Definition (GDEF) table from a font's character map and the Unicode property database. If an attacker...
CentOS Update for freetype CESA-2011:1455 centos4 x86_64
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2012-3650
WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site...
CVE-2012-3650
CVE-2012-3650 affects WebKit/Safari: Safari before version 6.0 renders SVG content by accessing uninitialized memory, enabling a crafted site to read sensitive process memory. The issue is tied to WebKit’s memory initialization during SVG rendering and is documented in the Apple advisory referenc...
CVE-2012-2364
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a...