Integer overflow
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow...
CVE-2015-5309
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow...
Ubuntu 14.04 LTS : QEMU vulnerabilities (USN-2828-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2828-1 advisory. Jason Wang discovered that QEMU incorrectly handled the virtio-net device. A remote attacker could use this issue to cause guest network consumption,...
UFIDA ICC System Arbitrary File Upload Vulnerability
UFIDA ICC system is a set of enterprise-level Internet call center and its application solutions. An arbitrary file upload vulnerability exists in the UFIDA ICC System that allows remote attackers to upload specially crafted files and execute arbitrary code...
CVE-2015-5242
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs)...
FreeBSD : a2ps -- format string vulnerability (e359051d-90bd-11e5-bd18-002590263bf5)
Jong-Gwon Kim reports: When user runs a2ps with malicious crafted pro(a2ps prologue) file, an attacker can execute arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright...
CVE-2015-6045
Use-after-free vulnerability in the CElement object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript that improperly interacts with use of the Cascading Style Sheets (CSS)...
CVE-2015-6078
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6065...
Remote code execution
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded...
CVE-2015-6068
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-607...
CVE-2015-6075
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-607...
CVE-2015-5212
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...
CVE-2015-5213
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow...
CVE-2014-8873
A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary code via a JAR file...
CVE-2015-7696
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value...
CVE-2015-4513
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors...
CVE-2015-7182
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly...
Updated ntp package fixes security vulnerabilities
Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service (CVE-2015-7850). Yves Younan discovered that NTP incorrect...