CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

[SECURITY] Fedora 28 Update: leptonica-1.76.0-1.fc28

The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...

[SECURITY] Fedora 27 Update: qpdf-7.1.1-5.fc27

QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program...

[SECURITY] Fedora 28 Update: qpdf-7.1.1-5.fc28

QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program...

CVE-2018-1321

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations XSLT to perform malicious operations, including but not limited to file read, file...

CVE-2018-1321

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations XSLT to perform malicious operations, including but not limited to file read, file...

Remote code execution

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations XSLT to perform malicious operations, including but not limited to file read, file...

CVE-2018-1321

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations XSLT to perform malicious operations, including but not limited to file read, file...

[SECURITY] Fedora 26 Update: leptonica-1.74.4-5.fc26

The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

Security vulnerabilities fixed in Firefox 58 — Mozilla

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main...

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

Security vulnerabilities fixed in Firefox ESR 52.6 — Mozilla

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This...

libxml2 xmlXPathCompOpEvalPositionalPredicate Memory Misreference Vulnerability

libxml2 is the GNOME project team developed a C-based library for parsing XML documents, which supports multiple encoding formats, Xpath parsing, Well-formed and valid validation. libxml2 xmlXPathCompOpEvalPositionalPredicate memory misreference vulnerability. An attacker could cause memory...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)

This update for java-170-openjdk fixes the following issues : Security issues fixed : - CVE-2017-10356: Fix issue inside subcomponent Security bsc1064084. - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO bsc1064071. - CVE-2017-10281: Fix issue inside subcomponent Serialization...

Security update for java-1_7_0-openjdk (important)

This update for java-170-openjdk fixes the following issues: Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security bsc1064084. - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO bsc1064071. - CVE-2017-10281: Fix issue inside subcomponent Serialization...

OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

[SECURITY] Fedora 25 Update: gtatool-2.2.0-6.fc25

Gtatool is a command line tool to manipulate GTAs. It provides a set of commands that manipulate GTAs on various levels: array element components, array dimensions, whole arrays, and streams of ar rays. For example, you can add components to array elements, merge separate arrays into combined...