CVE-2016-4177

Adobe Flash Player CVE-2016-4177 is an in-the-wild memory corruption/arbitrary code execution vulnerability. The CVE affects Windows and macOS builds prior to 18.0.0.366 and 19.x up to 22.x before 22.0.0.209, and Linux builds before 11.2.202.632, with vectors unspecified in the provided sources. ...

CVE-2016-4176

Adobe Flash Player has a memory corruption vulnerability (stack memory corruption) that could allow arbitrary code execution or a denial of service. Affected: Windows/macOS Flash Player before 18.0.0.366 and 19.x–22.x before 22.0.0.209; Linux before 11.2.202.632. Root cause/impact described in CV...

Adobe Flash Player Arbitrary Code Execution Vulnerability (CNVD-2016-04761)

Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A security vulnerability exists in Adobe Flash Player. An attacker could exploit this vulnerability to execute...

PT-2016-2369 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 18.0.0.366 Adobe Flash Player versions 19.x through 22.x before 22.0.0.209 on Windows and OS X Adobe Flash Player versions prior to 11.2.202.632 on Linux Description: The issue is caused by a buffer...

OpenSSL 1.0.1 < 1.0.1t / 1.0.2 < 1.0.2h Multiple Vulnerabilities

Binary data 9390.prm...

Linux kernel competitive conditions vulnerability (CNVD-2016-04425)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A contention condition vulnerability exists in the 'vopioctl' function in the drivers/misc/mic/vop/vopvringh.c file in Linux kernel 4.6 and earlier. A local attacker can explo...

Linux kernel information disclosure vulnerability (CNVD-2016-04424)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the 'schedreadattr' function in the kernel/sched/core.c file in versions of Linux kernel 3.14-rc4 prior to 3.14-rc, which stems from a progr...

CVE-2016-5244

The rdsincinfocopy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message...

CVE-2016-5243

The tipcnlcompatlinkdump function in net/tipc/netlinkcompat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

CVE-2016-5243

The tipcnlcompatlinkdump function in net/tipc/netlinkcompat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

CVE-2016-5244

CVE-2016-5244 affects the Linux kernel and involves the function rds_inc_info_copy in net/rds/recv.c not initializing a structure member. This can enable a remote attacker to read sensitive information from kernel stack memory by processing an RDS message, with impact described as kernel informat...

CVE-2016-5243

The tipcnlcompatlinkdump function in net/tipc/netlinkcompat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

CVE-2016-1583

The ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stack memory consumption via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling...

CVE-2016-1583

The ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stack memory consumption via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling...

CVE-2016-5244

The rdsincinfocopy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message...

openSUSE Security Update : the Linux Kernel (openSUSE-2016-753)

The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils wa...

CVE-2016-1583

The ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stack memory consumption via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling...

CVE-2016-5243

A leak of information was possible when issuing a netlink command of the stack memory area leading up to this function call. An attacker could use this to determine stack information for use in a later exploit...

Updated libgd packages fix security vulnerabilities

Updated libgd packages fix security vulnerabilities: The gdImageScaleTwoPass function in gdinterpolation.c in libgd before 2.2.0 uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service memory consumption via a crafted call, as demonstrated by a...

squid: multiple issues in ESI processing

Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...