chromium-browser: Use-after-free in SVG.
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element...
chromium-browser: Container-overflow in SVG.
platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or...
Google Chrome Blink Buffer Overflow Vulnerability
Blink is a browser rendering engine developed by Google and Opera Software. A security vulnerability exists in the platform/graphics/filters/FEColorMatrix.cpp file in the SVG implementation of Blink used in Google Chrome. The program fails to properly handle feColorMatrix filters containing too...
Google Chrome Blink SVG Memory Misreference Vulnerability
Blink is a browser rendering engine developed by Google and Opera Software. A memory misreference vulnerability exists in the SVG implementation of Blink used by Google Chrome because the program fails to properly handle the shadow tree of use elements. A remote attacker could exploit this...
UBUNTU-CVE-2015-1257
platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or...
Amazon App Store Security Bypass Vulnerability
The Amazon App Store is a set of application stores from Amazon.com, Inc. in the United States. A security bypass vulnerability exists in Amazon App Store. An attacker can perform unauthorized operations by conducting a man-in-the-middle attack...
USN-2603-1 thunderbird vulnerabilities
Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application...
Yii Framework Cross-Site Scripting Vulnerability
Yii Framework is a component-based, high-performance PHP framework for developing large-scale Web applications. A cross-site scripting vulnerability exists in versions of Yii Framework prior to 2.0.4 that allows remote attackers to inject arbitrary web script or HTML via vector-related JSON...
SAP xMII - Reflected XSS vulnerability
Application: SAP NetWeaver AS JAVA; Versions Affected: SAP NetWeaver AS JAVA 7.4; Vendor URL: SAP; Bugs: XSS; Reported: 05.05.2015; Vendor response: 06.05.2015; Date of Public Advisory: 12.04.2016; Reference: SAP Security Note 2201295; Author: Nursultan Abubakirov, Vahagn Vardanyan (ERPScan); VULNERABILITY...
Vulnerability in the Red Hat Enterprise Linux operating system that allows a remote attacker to compromise the availability of protected information
A vulnerability in the libuser-0.32 package in the Red Hat Enterprise Linux operating system can lead to a loss of availability of protected information. This vulnerability can be exploited remotely...
Vulnerabilities in the CentOS operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities in the openssl-0.9.7a package of the CentOS operating system can lead to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely...
Vulnerability in the CentOS operating system that allows a malicious attacker to compromise the availability of protected information
A vulnerability in the avahi-0.6.16 package of the CentOS operating system can lead to a loss of availability of protected information. This vulnerability can be exploited remotely...
SevDesk v1.1 iOS - Persistent Dashboard Vulnerability
Document Title: SevDesk v1.1 iOS - Persistent Dashboard Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1311; Release Date: 2015-04-22; Vulnerability Laboratory ID (VL-ID): 1311...
Microsoft Internet Explorer SVG Marker Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
CVE-2015-2114
HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors...
UBUNTU-CVE-2015-0347
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0350,...
MediaWiki Information Disclosure Vulnerability (CNVD-2015-02411)
MediaWiki is a Wiki program. A security vulnerability exists in MediaWiki. A remote attacker can exploit this vulnerability to bypass SVG filtering and obtain sensitive user information via a mixed-case '@import' string in the style element of an SVG file...
MediaWiki Incomplete Blacklist Vulnerability (CNVD-2015-02418)
MediaWiki is a Wiki program. An incomplete blacklist vulnerability exists in the includes/upload/UploadBase.php script of MediaWiki. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML by using nested SVG files with a data: URI of type application/xml MIME...
MediaWiki Denial of Service Vulnerability (CNVD-2015-02421)
MediaWiki is a Wiki program. A security vulnerability exists in MediaWiki. When the program uses HHVM, a remote attacker can exploit the vulnerability to cause a denial of service (CPU and memory consumption) by using a large number of nested entity references in the SVG file of a PDF folde...
MediaWiki HTML Injection Vulnerability
MediaWiki is a Wiki program. A security vulnerability exists in MediaWiki, which stems from the failure of the 'xmlparse' function in the Zend interpreter to properly expand entities. The vulnerability can be exploited by a remote attacker to inject arbitrary web script or HTML with the help of a...