Lucene search
5353 matches found

Cvelist
added 2017/01/27 5:0 p.m., 35 views

CVE-2016-9453

The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one...

8.2 AI score, 0.00294 EPSS
Exploits: 0, References: 6

UbuntuCve
added 2017/01/24 12:0 a.m., 31 views

CVE-2016-10160

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch...

9.8 CVSS, 7.1 AI score, 0.06501 EPSS
Exploits: 0, References: 5

NVD
added 2017/01/23 9:59 p.m., 20 views

CVE-2016-7102

ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive...

8.4 CVSS, 8.6 AI score, 0.00168 EPSS
Exploits: 0, References: 2

OSV
added 2017/01/23 9:59 p.m., 25 views

CVE-2016-9383

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions...

8.8 CVSS, 7.6 AI score
Exploits: 0, References: 5

OSV
added 2017/01/23 9:59 p.m., 21 views

CVE-2016-5091

Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action...

8.1 CVSS, 7.5 AI score
Exploits: 0, References: 3

UbuntuCve
added 2017/01/23 9:59 p.m., 22 views

CVE-2016-7102

ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive...

8.4 CVSS, 7.4 AI score, 0.00168 EPSS
Exploits: 0, References: 2

Prion
added 2017/01/19 8:59 p.m., 7 views

Code injection

sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL...

6.8 CVSS, 8.1 AI score, 0.02051 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2017/01/19 8:59 p.m., 28 views

PYSEC-2017-74

The tqdm.version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory...

7.8 CVSS, 6.1 AI score, 0.00088 EPSS
Exploits: 0, References: 4

Cvelist
added 2017/01/19 8:0 p.m., 15 views

CVE-2016-7793

sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL...

8.9 AI score, 0.02051 EPSS
Exploits: 0, References: 3

OpenVAS
added 2017/01/18 12:0 a.m., 20 views

Debian: Security Advisory (DSA-3766-1)

The remote host is missing an update for the Debian...

9.8 CVSS, 9.6 AI score, 0.06039 EPSS
Exploits: 0, References: 3

Talos
added 2017/01/17 12:0 a.m., 40 views

Oracle Outside In Technology RTF Parsing Code Execution Vulnerability

Summary: An exploitable Use After Free vulnerability exists in the RTF parser functionality of Oracle Outside In Technology SDK. A specially crafted RTF document can cause a reuse of a reference to the previously freed memory which can be manipulated into achieving arbitrary code execution. Tested...

8.6 CVSS, 9.3 AI score, 0.01528 EPSS
Exploits: 1

Cvelist
added 2017/01/10 9:0 p.m., 19 views

CVE-2017-0003

Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."...

7.7 AI score, 0.33607 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2017/01/06 12:0 a.m., 51 views

Scientific Linux Security Update : gstreamer-plugins-good on SL7.x x86_64 (20170105)

Security Fixes : - Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

9.8 CVSS, 7.5 AI score, 0.19531 EPSS
Exploits: 4, References: 6

RedhatCVE
added 2017/01/04 4:17 p.m., 24 views

CVE-2016-9941

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area...

9.8 CVSS, 6.7 AI score, 0.01661 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2016/12/30 7:59 p.m., 51 views

CVE-2016-10033

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property...

9.8 CVSS, 7.4 AI score, 0.94418 EPSS
Exploits: 58, References: 13

Tenable Nessus
added 2016/12/27 12:0 a.m., 70 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3249-1)

This update for the Linux Kernel 3.12.51-5234 fixes several issues. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb...

10 CVSS, 7.3 AI score, 0.4799 EPSS
Exploits: 16, References: 10

BDU FSTEC
added 2016/12/27 12:0 a.m., 3 views

Vulnerability of the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of the Windows operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...

9.3 CVSS, 7.3 AI score, 0.15257 EPSS
Exploits: 0, References: 5

NVD
added 2016/12/23 5:59 a.m., 18 views

CVE-2016-6671

The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file...

7.8 CVSS, 7.8 AI score, 0.0058 EPSS
Exploits: 0, References: 2

CVE
added 2016/12/23 5:0 a.m., 49 views

CVE-2016-6671

Illustrative vulnerability summary: CVE-2016-6671 affects FFmpeg’s libavcodec/rawdec.c, where the raw_decode function in FFmpeg before 3.1.2 can be exploited by a crafted SWF file to cause memory corruption, leading to denial of service or arbitrary code execution. Affected component: libavcodec...

7.8 CVSS, 7.8 AI score, 0.0058 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2016/12/20 6:59 a.m., 14 views

CVE-2016-7263

Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."...

9.3 CVSS, 7.9 AI score, 0.18902 EPSS
Exploits: 0, References: 3