CVE-2015-3331
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly...
CVE-2015-4092
Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690...
CVE-2015-4092
SAP Afaria 7.00.6620.2 SP5 contains a Buffer Overflow in the XComms process (CVE-2015-4092). ERPScan/SAP advisories describe that an anonymous attacker can remotely exploit a crafted request to crash the server’s XComms component and potentially execute code. Impact includes DoS and, in some disc...
CVE-2015-3905
Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file...
Buffer overflow
Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2015-1251
Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document...
Session fixation
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session...
The vulnerability of the Windows operating system allows a hacker to execute arbitrary code in the context of the current user.
The vulnerability of the Windows operating system exists due to improper handling of the event log file. The vulnerability can be exploited by opening the event log file created by the attacker. As a result of exploiting this vulnerability, an attacker who operates remotely can execute arbitrary...
CVE-2015-3456
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, ak...
CVE-2015-3456
The CVE-2015-3456 VENOM issue affects QEMU’s Floppy Disk Controller emulation (FDC), also used by VirtualBox and other virtualization stacks in Xen 4.5.x and earlier and KVM. The vulnerability is a buffer/out-of-bounds condition in the FDC where certain commands (notably FD_CMD_READ_ID and FD_CMD...
MGASA-2015-0220 Updated qemu packages fix CVE-2015-3456
Updated qemu packages fix security vulnerability: An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially,...
CVE-2015-3055
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3059, and CVE-2015-3075...
CVE-2015-1708
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."...
CVE-2015-3075
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, and CVE-2015-3059...
CVE-2015-3050
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3051,...
CVE-2015-3050
Technical details for CVE-2015-3050 are not publicly provided in the supplied documents; monitor for updates.
CVE-2015-1706
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1711, CVE-2015-1717, and...
CVE-2015-1683
Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."...