5353 matches found
Memory corruption
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3669...
CVE-2015-3684
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL...
CVE-2015-3669
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665...
Heap overflow
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image...
CVE-2015-4588
Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file...
CVE-2015-4600
The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the 1...
CVE-2015-4607
The CVE-2015-4607 issue affects TYPO3’s Frontend User Upload (feupload) extension (version 0.5.0 and earlier). The documented vulnerability is an unrestricted file upload in the frontend upload form that enables remote code execution by uploading a file with an executable extension and then acces...
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code or cause service failures
The vulnerability in the Flash Player software is related to a memory integrity violation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service failures...
Code injection
CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via unspecified vectors...
Debian Security Advisory DSA 3287-1 (openssl - security update)
Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2014-8176: Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of...
CVE-2015-3107
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and befor...
CVE-2015-1742
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1747, CVE-2015-1750, and...
KLA10597 Multiple vulnerabilities in VMware products
Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities: 1. Improper memory allocation can be exploited locally via unknown vectors; 2...
Buffer overflow
Buffer overflow in the setcsstart function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file...
Design/Logic Flaw
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packe...
CVE-2015-4002
CVE-2015-4002 affects the OZWPAN driver in the Linux kernel (drivers/staging/ozwpan/ozusbsvc1.c) up to version 4.0.5. The issue is a length-value handling flaw where certain length values are not sufficiently large, enabling remote attackers to cause a denial of service (system crash or large loo...
CVE-2015-4002
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packe...
Vulnerability in the Adobe Reader text viewer that allows an attacker to execute arbitrary code.
The vulnerability in the Adobe Reader text viewer arises from the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2015-4060
Heap-based buffer overflow in the TermProxy WLTermProxyService.exe service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header...