6681 matches found
Apple SceneKit Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple SceneKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the renderi...
poppler security update
An update is available for poppler. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Poppler is a Portable Document Format (PDF) rendering library, used by...
RLSA-2024:9167 Moderate: poppler security update
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: pdfinfo: crash in broken documents when using -dests parameter (CVE-2024-6239). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
USN-7353-1 plantuml vulnerability
Tobias S. Fink discovered that PlantUML was susceptible to cross-site scripting (XSS) attacks in instances where SVG images were rendered. An attacker could possibly use this issue to cause PlantUML to crash, resulting in a denial of service, or the execution of arbitrary code...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
[SECURITY] Fedora 41 Update: kitty-0.40.0-2.fc41
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-color, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and several new...
The vulnerability of the drm_dp_mst_up_req_work() function in the driver drivers/gpu/drm/display/drm_dp_mst_topology.c, which supports the Direct Rendering Infrastructure (DRI) of the Linux operating system's kernel, allows a hacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the drm_dp_mst_up_req_work() function in the driver drivers/gpu/drm/display/drm_dp_mst_topology.c, which is part of the Direct Rendering Infrastructure (DRI) support for the Linux kernel, relates to the assignment of the NULL pointer. Exploiting this vulnerability could allow an attacker...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the rendering of web pages. An attacker can inject malicious scripts by submitting crafted input that is improperly sanitized before being included in the output HTML. Detai...
The vulnerability of the Web page rendering module in the Safari browser of the WebKit framework in the macOS, iOS, iPadOS, visionOS, tvOS, and watchOS operating systems allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the Web page rendering module in Safari web browsers for macOS, iOS, iPadOS, visionOS, tvOS, and watchOS lies in insufficient protection of service data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to...
The vulnerability of the Web page rendering module in the Safari browser of the WebKit framework in operating systems macOS, iOS, iPadOS, visionOS, tvOS, and watchOS allows a hacker to trigger a service failure.
The vulnerability of the Web page rendering module in Safari browsers of the macOS, iOS, iPadOS, visionOS, tvOS, and watchOS operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
...
DEBIAN-CVE-2024-58086
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop active perfmon if it is being destroyed. If the active performance monitor (v3d->active_perfmon) is being destroyed, stop it first. Currently, the active perfmon is not stopped during destruction, leaving the...
Autodesk: SSRF in Autodesk Rendering leading to account takeover
A server-side request forgery (SSRF) vulnerability was discovered in Autodesk Rendering. The vulnerability could have allowed an attacker to gain control of a victim's account while they were logged in. Autodesk has fixed the vulnerability...
CVE-2025-0475
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances...
CVE-2024-57240
A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file...
Linux Distros Unpatched Vulnerability : CVE-2012-2383
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kerne...
Linux Distros Unpatched Vulnerability : CVE-2013-7445
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows...
Cross-site Scripting (XSS)
Overview: org.webjars.bower:jsondiffpatch is a JSON diff & patch (object and array diff, text diff, multiple output formats). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may...