5353 matches found
Input validation
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code...
CVE-2017-12182
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code...
CVE-2017-12180
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code...
CVE-2017-12176
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code...
CVE-2017-12186
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code...
Apple iCloud Security Update (HT208473) - Windows
Apple iCloud is prone to multiple vulnerabilities.
Ubuntu 14.04 LTS / 16.04 LTS : rsync vulnerabilities (USN-3543-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3543-1 advisory. It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or...
USN-3543-2: rsync vulnerabilities
USN-3543-1 fixed vulnerabilities in rsync. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code...
p7zip-codec-rar -- insufficient error handling
MITRE reports: Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafte...
SUSE-SU-2018:0170-1 Security update for perl-XML-LibXML
This update for perl-XML-LibXML fixes the following issues: - CVE-2017-10672: A use-after-free allowed remote attackers to potentially execute arbitrary code by controlling the arguments to a replaceChild call (bsc#1046848)...
Buffer overflow
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply...
CVE-2014-8166
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name...
TigerVNC: Multiple vulnerabilities
Background TigerVNC is a high-performance VNC server/client. Description Multiple vulnerabilities have been discovered in TigerVNC. Please review the referenced CVE Identifiers for details. Impact An attacker could execute arbitrary code or cause a Denial of Service condition. Workaround There is...
CVE-2015-1290
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site...
CVE-2015-1290
CVE-2015-1290 affects the Google V8 JavaScript engine used by Chrome (pre-44.0.2403.89) and QtWebEngineCore in Qt (pre-5.5.1). The vulnerability allows remote attackers to cause memory corruption or execute arbitrary code via a crafted website, leading to denial of service or code execution. Affe...
CVE-2015-1290
Removed by vendor...
RedHat Update for thunderbird RHSA-2018:0061-01
The remote host is missing an update for the...
CVE-2018-0776
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is...
CVE-2018-0104
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious A...
CVE-2014-9515
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object...