Lucene search

4783 matches found

Prion
added 2016/09/11 9:59 p.m. | 11 views

Design/Logic Flaw

decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002...

CVSS 7.1 | AI score 7 | EPSS 0.00272
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2016/09/11 9:59 p.m. | 1 view

UBUNTU-CVE-2016-3878

decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002...

CVSS 5.5 | AI score 6.5 | EPSS 0.00272
Exploits: 0 | References: 4

CNVD
added 2016/09/07 12:00 a.m. | 1 view

D-Link '/improtexport.php' Multiple Series Products SQL Injection Vulnerability

D-Link DAR-8000-X series and DAR-7000-x series Internet Access Behavior Audit Gateways provide Internet access behavior management solutions. An SQL injection vulnerability exists in several D-Link series products. The vulnerability generates a file in /improtexport.php, where previous defenses a...

AI score 8.1
Exploits: 0 | References: 1

BDU FSTEC
added 2016/09/07 12:00 a.m. | 3 views

The vulnerability of the Android operating system allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability in the file codecs/on2/h264dec/source/h264bsddpb.c of the libstagefright library in the Android operating system’s media server is caused by a numerical overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure memory...

CVSS 7.5 | AI score 8.2 | EPSS 0.01486
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2016/08/29 12:00 a.m. | 26 views

SUSE SLED12 / SLES12 Security Update : libtasn1 (SUSE-SU-2016:1601-1)

This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser bsc961491 - CVE-2015-3622: Fixed invalid read in octet string decoding bsc929414 - CVE-2016-4008: Fixed infinite loop while parsing DER...

CVSS 5.9 | AI score 6.6 | EPSS 0.06062
Exploits: 1 | References: 8

Tenable Nessus
added 2016/08/29 12:00 a.m. | 23 views

SUSE SLES11 Security Update : libtasn1 (SUSE-SU-2016:1600-1)

This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser bsc961491 - CVE-2015-3622: Fixed invalid read in octet string decoding bsc929414 - CVE-2016-4008: Fixed infinite loop while parsing DER...

CVSS 5.9 | AI score 6.6 | EPSS 0.06062
Exploits: 1 | References: 8

FireEye
added 2016/08/17 12:15 p.m. | 17 views

Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns

Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware. The campaigns have affected various industries, with the healthcare industry being hit the hardest based on our telemetry, as seen in Figure 1. Figure 1. Top 10 affected industries Numerous...

AI score 6.9
Exploits: 0

OSV
added 2016/08/05 8:59 p.m. | 2 views

CVE-2016-3819

Integer overflow in codecs/on2/h264dec/source/h264bsddpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted...

CVSS 9.8 | AI score 7.6
Exploits: 0 | References: 3

OpenVAS
added 2016/08/04 12:00 a.m. | 24 views

phpMyAdmin Double URL Decoding XSS Vulnerability (PMASA-2016-16) - Linux

phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.1 | AI score 5.7 | EPSS 0.00493
Exploits: 0 | References: 2

CNVD
added 2016/07/26 12:00 a.m. | 1 view

Apple Core Graphics BMP Framework img_decode_read Remote Code Execution Vulnerability

Apple's CoreGraphics library is an API for users to create and manipulate graphic elements. A remote code execution vulnerability exists in Apple OS X and iOS when working with BMP images. An attacker could use this vulnerability to embed malicious exploit code in a BMP image resulting in an...

CVSS 8.8 | AI score 8.5 | EPSS 0.02103
Exploits: 2 | References: 1

OSV
added 2016/07/11 1:59 a.m. | 3 views

UBUNTU-CVE-2016-2507

Integer overflow in codecs/on2/h264dec/source/h264bsdstorage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...

CVSS 7.8 | AI score 7.6 | EPSS 0.0017
Exploits: 0 | References: 3

exploitpack
added 2016/07/11 12:00 a.m. | 12 views

Adobe Flash - LMZA Property Decoding Heap Corruption

Adobe Flash - LMZA Property Decoding Heap Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=790 Loading the attached image causes heap corruption due to LMZA property decoding. To reproduce the issue, load the attach file '6' using LoadImage.swf as follows:...

AI score 0.3
Exploits: 0

Exploit DB
added 2016/07/11 12:00 a.m. | 23 views

Adobe Flash - LMZA Property Decoding Heap Corruption

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=790 Loading the attached image causes heap corruption due to LMZA property decoding. To reproduce the issue, load the attach file '6' using LoadImage.swf as follows: LoadImage.swf?img=6 The issue sometimes takes multiple refreshes ...

AI score 7.4
Exploits: 0

BDU FSTEC
added 2016/07/06 12:00 a.m. | 2 views

The vulnerability of the Firefox browser, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

Overfilling the buffer in the Speex decoder of the Web Audio subsystem in Mozilla Firefox allows malicious actors to execute arbitrary code using specially crafted AudioBuffer channel counters and decoding frequencies...

CVSS 6.8 | AI score 7.8 | EPSS 0.04721
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2016/07/05 1:59 a.m. | 20 views

CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

CVSS 6.1 | AI score 6.1 | EPSS 0.00493
Exploits: 0 | References: 7

OSV
added 2016/07/05 1:59 a.m. | 1 view

DEBIAN-CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

CVSS 6.1 | AI score 8.3 | EPSS 0.00493
Exploits: 0 | References: 1

OSV
added 2016/07/05 1:59 a.m. | 9 views

CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 7

Prion
added 2016/07/05 1:59 a.m. | 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

CVSS 4.3 | AI score 6 | EPSS 0.00493
Exploits: 0 | References: 7 | Affected Software: 2

UbuntuCve
added 2016/07/05 1:59 a.m. | 21 views

CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

CVSS 6.1 | AI score 6.7 | EPSS 0.00493
Exploits: 0 | References: 2

OSV
added 2016/07/05 1:59 a.m. | 1 view

UBUNTU-CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

CVSS 6.1 | AI score 6.8 | EPSS 0.00493
Exploits: 0 | References: 3