CVE-2018-1000051

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fzkeepkeystorable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF...

CVE-2018-1000051

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fzkeepkeystorable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF...

CVE-2017-1000172

Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravitylexer.c. 'lexer' is being used to access a variable but 'lexer' has already been freed, creating a Heap Use-After-Free conditio...

PT-2017-19212 · Sap · Sap Netweaver

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver version 7400.12.21.30308 Description: The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to the "metadatauploader" API endpoint...

Scientific Linux Security Update : spice-server on SL6.x x86_64 (20170205)

Security Fixes : - A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. CVE-2016-9577 - A vulnerability was discovered in spice in...

DEBIAN-CVE-2014-4909

Integer overflow in the trbitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write...

DEBIAN-CVE-2013-2038

The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service daemon termination and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was...

DEBIAN-CVE-2012-5468

Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters...

DEBIAN-CVE-2012-6063

Double free vulnerability in the sftpmkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559...

PT-2012-1150 · Libjpeg Turbo +1 · Libjpeg-Turbo +1

Name of the Vulnerable Software and Affected Versions: libjpeg-turbo versions 1.2.0 through 1.2.0 Description: The issue is related to a heap-based buffer overflow in the get sos function in jdmarker.c, which can be triggered by a large component count in the header of a JPEG image. This can caus...

PT-2012-1162 · Openjpeg +3 · Openjpeg +3

Name of the Vulnerable Software and Affected Versions: OpenJPEG versions 1.3 through 1.5 Description: The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image. This is due to the tcd free encode function...

CVE-2011-2997

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

OpenJDK IndexColorModel double-free (6925710)

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October...

Firefox malformed web content flaws

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service application crash and possibly execute arbitrary code via unknown vectors related to the layout engine...

security flaw

Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service crash and potentially execute arbitrary code via certain vectors...

Multiple vulnerabilities in UFO2000 svn 1057

Luigi Auriemma Application: UFO2000 http://ufo2000.sourceforge.net Versions: = SVN 1057 Platforms: Windows, nix, BSD, Mac and more Bugs: A buffer-overflow in recvaddunit B invalid memory access in decodestringmap C possible code execution through arrays D SQL injection E mapdata global buffer...