CVE-2007-0061

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers ...

CVE-2011-3345

ulp/sdp/sdpproc.c in the ibsdp module aka ibsdp.ko in the ofakernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution OFED before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service stack memory...

CVE-2011-1173

The econetsendmsg function in net/econet/afeconet.c in the Linux kernel before 2.6.39 on the x8664 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking AUN packet...

flash-plugin: multiple code execution issues fixed in APSB15-23

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service...

Memory corruption

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service...

Memory corruption

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service...

CVE-2015-5579

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service...

CVE-2015-5579

The CVE-2015-5579 entry concerns Adobe Flash Player and related AIR components. Affected components include Flash Player on Windows/OS X (before 18.0.0.241 and 19.x before 19.0.0.185) and Linux (before 11.2.202.521), Adobe AIR before 19.0.0.190, and the AIR SDK and AIR SDK & Compiler before 19.0....

CVE-2015-5567

CVE-2015-5567 describes a stack memory corruption vulnerability in Adobe Flash Player and Adobe AIR that could allow remote code execution or a denial of service. Affected software and versions (as stated): Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows/OS X; Flash on Linux ...

Binary loopholes-the evil of the printf-bug warning-the black bar safety net

This article is binary vulnerabilities related series of articles. printf some of the lesser-known characteristics, for coding convenience, but also introduces security problems. This paper focus on the description of printf in the exploits of some of the usage, in the normal programming is not...

SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)

The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 and presumably earlier exhibit both problems with the overflow issu...

Microsoft Visual Basic VBE6.DLL Stack Memory Corruption (MS10-031) - Ver2 (CVE-2010-0815)

Microsoft Visual Basic VBA is a technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft Office products include VBA and make use of VBA to perform certain functions. A remote code execution vulnerability has been reported in th...

Mandriva Linux Security Advisory : fcgi (MDVSA-2015:226)

Updated fcgi packages fix security vulnerability : FCGI does not perform range checks for file descriptors before use of the FDSET macro. This FDSET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial ...

Updated fcgi packages fix CVE-2012-6687

Updated fcgi packages fix security vulnerability: FCGI does not perform range checks for file descriptors before use of the FDSET macro. This FDSET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial o...

Mandriva Linux Security Advisory : jasper (MDVSA-2015:159)

Updated jasper packages fix security vulnerabilities : Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service application crash or the execution of arbitrary code CVE-2014-9029. A double free flaw was found in the way...

Debian DLA-138-1 : jasper security update

An off-by-one flaw, leading to a heap-based buffer overflow CVE-2014-8157, and an unrestricted stack memory use flaw CVE-2014-8158 were found in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute...

jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001)

An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code...

Memory corruption

The dissectatncpdlcheur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service stack memory corruption and application...

CVE-2015-2187

CVE-2015-2187 affects Wireshark 1.12.x before 1.12.4. The vulnerability lies in the ATN-CPDLC dissector (function dissect_atn_cpdlc_heur in asn1/atn-cpdlc/packet-atn-cpdlc-template.c), which does not properly follow TRY/ENDTRY code requirements, allowing remote attackers to trigger stack memory c...

CVE-2015-2187

The dissectatncpdlcheur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service stack memory corruption and application...