5353 matches found

Cvelist
added 2016/04/08 4:0 p.m. | 27 views

CVE-2016-1568

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command...

AI score: 9.4 | EPSS: 0.00337
Exploits: 0 | References: 13

Cvelist
added 2016/04/08 4:0 p.m. | 28 views

CVE-2015-8833

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item...

AI score: 9.6 | EPSS: 0.16464
Exploits: 0 | References: 12

Debian CVE
added 2016/04/08 4:0 p.m. | 16 views

CVE-2015-8833

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item...

CVSS: 10 | AI score: 9.7 | EPSS: 0.16464
Exploits: 0

Tenable Nessus
added 2016/04/08 12:0 a.m. | 33 views

Ubuntu 14.04 LTS : Firefox regressions (USN-2917-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2917-2 advisory. USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search...

AI score: 5.6
Exploits: 0 | References: 1

NVD
added 2016/04/07 11:59 p.m. | 12 views

CVE-2016-2851

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.21262
Exploits: 5 | References: 11

Debian CVE
added 2016/04/07 11:0 p.m. | 34 views

CVE-2016-2563

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.26586
Exploits: 4

Cvelist
added 2016/04/07 11:0 p.m. | 44 views

CVE-2016-2563

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request...

AI score: 9.6 | EPSS: 0.26586
Exploits: 4 | References: 7

Cvelist
added 2016/04/07 11:0 p.m. | 23 views

CVE-2016-2851

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow...

AI score: 9.9 | EPSS: 0.21262
Exploits: 5 | References: 11

Prion
added 2016/04/07 10:59 a.m. | 28 views

Code injection

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016...

CVSS: 10 | AI score: 9.2 | EPSS: 0.56698
Exploits: 0 | References: 15 | Affected Software: 5

Tenable Nessus
added 2016/04/07 12:0 a.m. | 44 views

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2948-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2948-1 advisory. Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly validate the endpoints reported by the device. An...

CVSS: 10 | AI score: 6.9 | EPSS: 0.03609
Exploits: 11 | References: 9

Cvelist
added 2016/04/06 11:0 p.m. | 29 views

CVE-2016-2291

Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors...

AI score: 7.1 | EPSS: 0.01013
Exploits: 0 | References: 1

OpenVAS
added 2016/03/31 12:0 a.m. | 22 views

Amazon Linux: Security Advisory (ALAS-2016-672)

The remote host is missing an update for the...

CVSS: 10 | AI score: 9.5 | EPSS: 0.2205
Exploits: 0 | References: 2

NVD
added 2016/03/30 10:59 a.m. | 17 views

CVE-2015-8837

Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file...

CVSS: 7.3 | AI score: 7.7 | EPSS: 0.01113
Exploits: 1 | References: 6

Prion
added 2016/03/30 10:59 a.m. | 24 views

Stack overflow

Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file...

CVSS: 6.8 | AI score: 8.8 | EPSS: 0.01113
Exploits: 1 | References: 6 | Affected Software: 3

CVE
added 2016/03/30 10:0 a.m. | 91 views

CVE-2015-8837

CVE-2015-8837 concerns FuseISO’s isofs.c in isofs_real_readdir, where a stack-based buffer overflow can be triggered by a long pathname in an ISO file, potentially leading to denial of service or arbitrary code execution. Related issue CVE-2015-8836 is an integer overflow in isofs_real_read_zf (i...

CVSS: 7.3 | AI score: 7.7 | EPSS: 0.01113
Exploits: 1 | References: 6 | Affected Software: 1

Tenable Nessus
added 2016/03/25 12:0 a.m. | 34 views

SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:0873-1)

xen was updated to fix 44 security issues. These security issues were fixed: - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image...

CVSS: 9 | AI score: 7.8 | EPSS: 0.15964
Exploits: 4 | References: 135

NVD
added 2016/03/24 1:59 a.m. | 15 views

CVE-2016-1737

Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file...

CVSS: 6.8 | AI score: 6 | EPSS: 0.00741
Exploits: 0 | References: 3

Prion
added 2016/03/24 1:59 a.m. | 19 views

Memory corruption

IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746...

CVSS: 9.3 | AI score: 7.4 | EPSS: 0.00228
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2016/03/24 1:59 a.m. | 12 views

Memory corruption

libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document...

CVSS: 10 | AI score: 7.9 | EPSS: 0.13953
Exploits: 0 | References: 8 | Affected Software: 3

Cvelist
added 2016/03/24 1:0 a.m. | 19 views

CVE-2016-1750

Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app...

AI score: 6.2 | EPSS: 0.00502
Exploits: 0 | References: 9