CVE-2016-7154

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service host crash and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number...

CVE-2016-4263

Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors...

CVE-2016-6930

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279,...

Design/Logic Flaw

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4279, CVE-2016-6921,...

CVE-2016-6923

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279,...

CVE-2016-3294

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3330...

Memory corruption

Microsoft Excel 2010 SP2 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."...

CVE-2016-3364

Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."...

Google Chrome < 53.0.2785.113 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 53.0.2785.113. It is, therefore, affected by multiple vulnerabilities as referenced in the 201609stable-channel-update-for-desktop13 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113...

openjpeg -- multiple vulnerabilities

Tencent's Xuanwu LAB reports: A Heap Buffer Overflow Out-of-Bounds Write issue was found in function opjdwtinterleavev of dwt.c. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenJPEG. An integer overflow issue exists in function...

CVE-2016-5157

Heap-based buffer overflow in the opjdwtinterleavev function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3071-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3071-1 advisory. Kangjie Lu discovered an information leak in the Reliable Datagram Sockets RDS implementation in the Linux kernel. A local attacker could use this to...

mupdf -- multiple vulnerabilities

Tobias Kortkamp reports: Heap-based buffer overflow in the pdfloadmeshparams function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service crash or execute arbitrary code via a large decode array. Use-after-free vulnerability in the pdfloadxref function in pdf/pdf-xref...

Memory corruption

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors...

CVE-2016-5383

The CVE-2016-5383 issue affects Red Hat CloudForms Management Engine (CFME) 4.1, where the web UI did not properly filter input in certain fields, allowing remote authenticated attackers to execute arbitrary code on the host. Root cause: insufficient input filtering (listed as “Lack of field filt...

Ubuntu: Security Advisory (USN-3069-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-4657

WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site...

Input validation

Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the 1 reflect, 2 reflect2, or 3 javamethod Hive builtin functions...

CVE-2016-6254

CVE-2016-6254 is a heap-based buffer overflow in the parse_packet function of network.c in collectd, exploitable via crafted network packets. Affected versions are collectd before 5.4.3 and 5.x before 5.5.2, enabling remote denial of service (daemon crash) and potentially arbitrary code execution...

CVE-2014-9906

Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service program crash or possibly execute arbitrary code via vectors related to a lost server connection...