Microsoft Internet Explorer CStyleAttrArray Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

CVE-2015-4651

The dissectwccp2r1addresstableinfo function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service applicatio...

Google Chrome memory corruption vulnerability (CNVD-2015-02654)

Google Chrome is a web browser developed by the American company Google Google. Google Chrome versions prior to 42.0.2311.90, the function NaClSandbox::InitializeLayerTwoSandbox within components/nacl/loader/sandboxlinux/naclsandboxlinux.cc Failure to apply RLIMITAS and RLIMITDATA restrictions to...

USN-2550-1 firefox vulnerabilities

Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. CVE-2015-0801 Bobby Holley discovered that...

MS14-082: Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)

The remote Windows host is running a version of Microsoft Office that is affected by a remote code execution vulnerability due to a use-after-free memory issue caused by Microsoft Word not properly handling objects in memory. A remote attacker can exploit this vulnerability by convincing a user t...

USN-2399-1 curl vulnerability

Symeon Paraschoudis discovered that curl incorrectly handled memory when being used with CURLOPTCOPYPOSTFIELDS and curleasyduphandle. This may result in sensitive data being incorrectly sent to the remote server...

Firefox ESR 24.x < 24.4 Multiple Vulnerabilities

The installed version of Firefox ESR 24.x is a version prior to 24.4. It is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist that could lead to arbitrary code execution. CVE-2014-1493, CVE-2014-1494 - A flaw exists in the checkHandshake function due to...

Firefox ESR 24.x < 24.4 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 24.x is prior to 24.4 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist that could lead to arbitrary code execution. CVE-2014-1493, CVE-2014-1494 - A flaw exists in the checkHandshake function due to improper...

Thunderbird < 24.4 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird is a version prior to version 24.4. It is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist that could lead to arbitrary code execution. CVE-2014-1493, CVE-2014-1494 - An issue exists where extracted files for updates ar...

Thunderbird < 24.2 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird is earlier than 24.2 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2013-5609, CVE-2013-5610 - Two use-after-free...

Debian DSA-2719-1 : poppler - several vulnerabilities

Multiple vulnerabilities were discovered in the poppler PDF rendering library. - CVE-2013-1788 Multiple invalid memory access issues, which could potentially lead to arbitrary code execution if the user were tricked into opening a malformed PDF document. - CVE-2013-1790 An uninitialized memory...

Debian: Security Advisory (DSA-2719-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apple Quick Time Player (Windows) 7.7.3 - Out of Bound Read

Apple Quick Time Player Windows 7.7.3 - Out of Bound Read Title: Apple Quick Time Player WindowsVersion 7.7.3 Out of Bound Read Date: 28th January,2013 Author: Debasish Mandal https://twitter.com/debasishm89 Blog : http://www.debasish.in/ Vendor Homepage: http://www.apple.com/ Software Link:...

Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read

Exploit for windows platform in category dos / poc Title: Apple Quick Time Player WindowsVersion 7.7.3 Out of Bound Read Date: 28th January,2013 Author: Debasish Mandal https://twitter.com/debasishm89 Blog : http://www.debasish.in/ Vendor Homepage: http://www.apple.com/ Software Link:...

CVE-2011-4096

CVE-2011-4096 affects Squid proxies (notably Squid 3.1.x up to before 3.1.16). The root cause is a mis-free of memory in idnsGrokReply, enabling a remote attacker to trigger a denial of service (daemon abort) via a DNS reply containing a CNAME that references another CNAME containing an empty A r...

Debian Security Advisory DSA 2148-1 (tor)

The remote host is missing an update to tor announced via advisory DSA 2148-1. OpenVAS Vulnerability Test $Id: deb21481.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2148-1 tor Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

[SECURITY] [DSA 2148-1] Security update for tor

------------------------------------------------------------------------- Debian Security Advisory DSA-2148-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 17, 2011 http://www.debian.org/security/faq -...

CVE-2010-4011

Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issu...

Mandriva Update for gtkspell MDVA-2010:140 (gtkspell)

Check for the Version of gtkspell OpenVAS Vulnerability Test Mandriva Update for gtkspell MDVA-2010:140 gtkspell Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

USN-769-1: libwmf vulnerability

Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user...