CVE-2016-4064

Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call...

CVE-2016-4063

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document...

Design/Logic Flaw

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document...

MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (DROWN)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.12. It is, therefore, affected by multiple vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote...

CVE-2016-2007

HPE Data Protector before 7.03108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354...

Important: postgresql8

Issue Overview: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. Affected...

CVE-2015-7801

CVE-2015-7801 is a use-after-free vulnerability in OptiPNG 0.6.4 . A crafted PNG file can cause the vulnerable PNG-processing code to execute arbitrary code on the affected system. The CVE is documented with high severity (CVSS v3 base 8.8) and confirms remote code execution via crafted input . T...

CVE-2015-8778

Integer overflow in the GNU C Library aka glibc or libc6 before 2.23 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via the size argument to the hcreater function, which triggers out-of-bounds heap-memory access...

Ubuntu 14.04 LTS : OptiPNG vulnerabilities (USN-2951-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2951-1 advisory. Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause...

Heap overflow

Heap-based buffer overflow in the gdkpixbufflip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file...

Format string

Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file...

CVE-2016-0835

decoder/impeg2ddechdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file that triggers a certain negative value, aka internal bug 26070014...

CVE-2016-1503

dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via a malform...

CVE-2010-5325

Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service memory corruption and crash or possibly execute arbitrary code via a long job title...

CVE-2016-1577

Summary: CVE-2016-1577 is a double‑free vulnerability in JasPer’s jas_iccattrval_destroy function, affecting JasPer 1.900.1 and earlier. A crafted ICC color profile within a JPEG 2000 image can cause a crash or, potentially, arbitrary code execution. Impact (per sources): denial of service with c...

openSUSE Security Update : flash-player (openSUSE-2016-433)

flash-player was updated to fix one security issue. This security issue was fixed : - CVE-2016-1019: Adobe Flash Player earlier allowed remote attackers to cause a denial of service application crash or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 201...

CVE-2016-3982

Off-by-one error in the bmprle4fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service out-of-bounds read or write access and crash or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow...

openSUSE: Security Advisory for xen (openSUSE-SU-2016:0914-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-1016

CVE-2016-1016 is a use-after-free in Adobe Flash Player’s Transform object implementation. Affected versions include Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows/OS X, and before 11.2.202.616 on Linux. The root cause is a use-after-free triggered via a flash.g...

Adobe Flash Player Memory Misreference Vulnerability (CNVD-2016-02099)

Adobe Flash Player is a cross-platform, browser-based multimedia player product. A memory misreference vulnerability exists in Adobe Flash Player, which can be exploited by remote attackers to construct malicious SWF content that can be induced to be parsed by an application, which can cause the...