CVE-2014-9906

CVE-2014-9906 describes a use-after-free vulnerability in the Perl DBD::mysql module prior to version 4.029. The issue arises from improper memory handling, allowing a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via vectors related to a lost server ...

CVE-2014-9906

Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service program crash or possibly execute arbitrary code via vectors related to a lost server connection...

Ubuntu: Security Advisory (USN-3047-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : FreeBSD -- Incorrect argument handling in sendmsg(2) (7c0bac69-600a-11e6-a6c3-14dae9d210b8)

Incorrect argument handling in the socket code allows malicious local user to overwrite large portion of the kernel memory. Impact : Malicious local user may crash kernel or execute arbitrary code in the kernel, potentially gaining superuser privileges. %NASLMINLEVEL 70300 C Tenable Network...

Ubuntu: Security Advisory (USN-3059-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3060-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Stack overflow

Stack-based buffer overflow in the mungeotherline function in cachemgr.cgi in the squid package before 3.1.23-16.el68.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for...

Ubuntu: Security Advisory (USN-3047-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-3821

libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service NULL pointer dereference or memory corruption via a craft...

CVE-2016-1513

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service out-of-bounds read or write or execute arbitrary code via crafted MetaActions in an 1 ODP or 2 OTP file...

CVE-2016-5264

Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via an SVG element that is mishandled duri...

CVE-2016-5259

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...

CVE-2016-5258

Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session...

Memory corruption

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

Design/Logic Flaw

Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session...

CVE-2016-5264

Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via an SVG element that is mishandled duri...

CVE-2016-5255

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...

CVE-2016-5259

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...

CVE-2016-2835

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

Input validation

Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote...