libpng vulnerabilities and exploits

NA
CVE-2019-18511

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin protections, or execute arbitrary...

5
CVSSv2
CVE-2019-9797

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66....

4.3
CVSSv2
CVE-2018-18511

Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.* This vulnerability affects Firefox < 65.0.1....

5.1
CVSSv2
CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an...

NA
CVE-2014-8179

Oracle Linux Security Advisory ELSA-2015-3085 linux.oracle.com/errata/ELSA-2015-3085.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux...

NA
CVE-2013-1752

Python is updated to address multiple security issues....

NA
CVE-2014-8178

Oracle Linux Security Advisory ELSA-2015-3085 linux.oracle.com/errata/ELSA-2015-3085.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux...

NA
CVE-2015-1855

It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates....

NA
CVE-2014-4650

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From SUSE_CVE-2014-4650: This CVE is addressed in the SUSE advisories SUSE-SU-2014:0997-1, SUSE-SU-2014:0998-1,...