CVE-2016-4214

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors...

CVE-2016-4994

Use-after-free vulnerability in the xcfloadimage function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service program crash or possibly execute arbitrary code via a crafted XCF file...

Design/Logic Flaw

Use-after-free vulnerability in the xcfloadimage function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service program crash or possibly execute arbitrary code via a crafted XCF file...

CVE-2016-4994

Use-after-free vulnerability in the xcfloadimage function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service program crash or possibly execute arbitrary code via a crafted XCF file...

Memory corruption

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ATP; Symantec Data Center Security:Server SDCS:S 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection SEP before 12.1 RU6 MP5; Symantec Endpoint Protection SEP for Mac; Symantec Endpoint Protection SEP for...

CVE-2016-4324

A use-after-free vulnerability was found in the Rich Text Format RTF document format parser in LibreOffice. By tricking a user into opening a specially crafted RTF document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file...

KLA10836 Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF

Multiple serious vulnerabilities have been found in multiple Foxit products. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Use-after-free vulnerability can be...

CVE-2015-7988

The handleregservicerequest function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service NULL pointer dereference via unspecified vectors...

CVE-2016-4802

Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse 1 security.dll, 2 secur32.dll, or 3 ws232.dll in the application or current...

CVE-2016-4994

Use-after-free vulnerability in the xcfloadimage function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service program crash or possibly execute arbitrary code via a crafted XCF file...

CVE-2016-4817

lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service use-after-free and application crash or possibly execute arbitrary code via a crafted packet...

CVE-2016-3202

The Microsoft 1 Chakra JavaScript, 2 JScript, and 3 VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruptio...

spice: Multiple vulnerabilities

Background Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share usb devices and share folders without complications. Description Multiple vulnerabilities have been discovered in spice, please review the CVE...

Heap overflow

Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element...

CVE-2016-2828

Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool...

WordPress LoginWall Plugin Remote File Inclusion

A Remote File Inclusion vulnerability exists in WordPress LoginWall Plugin. Successful exploitation of this vulnerability would allow a non-authenticated attacker to include remote files and execute arbitrary code on the vulnerable system...

CVE-2016-4326

The Chef Manage formerly opscode-manage add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie...

CVE-2016-5108

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted QuickTime IMA file...

CVE-2016-5108

CVE-2016-5108 affects VideoLAN VLC media player prior to 2.2.4. A buffer overflow in DecodeAdpcmImaQT (modules/codec/adpcm.c) can be triggered by a crafted QuickTime IMA file, leading to denial of service (crash) and, potentially, arbitrary code execution. Exploitation is possible remotely and do...

CVE-2016-2335

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service out-of-bounds read or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file...