CVE-2015-2708

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

CVE-2015-2709

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

Buffer overflow

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service segmentation fault and crash and possibly execute arbitrary code via a crafted ICO image...

CVE-2015-1152

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154...

Ubuntu 14.04 LTS : curl vulnerabilities (USN-2591-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2591-1 advisory. Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. CVE-2015-3143...

Fedora Update for mailman FEDORA-2015-5216

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-1321

Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted webpage...

CVE-2015-1321

Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted webpage...

CVE-2015-1774

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write...

CVE-2015-1863

Heap-based buffer overflow in wpasupplicant 1.0 through 2.4 allows remote attackers to cause a denial of service crash, read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries...

CVE-2015-2116

Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authenticated users to execute arbitrary code or cause a denial of service via unknown vectors...

CVE-2015-3331

The driverrfc4106decrypt function in arch/x86/crypto/aesni-intelglue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service buffer overflow and system crash or possibly...

WordPress Yoast Google Analytics Cross Site Scripting

OVERVIEW ========== Google Analytics by Yoast is one of the most popular WordPress plug-ins with over 7 million downloads and "1+ million" active installs. Last month Yoast patched a stored XSS we reported in the plug-in. Shortly after this we identified another bug of a similar severity. The...

Amazon Linux AMI : php55 (ALAS-2015-507)

A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer overflow flaw,...

CVE-2015-0351

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and...

CVE-2015-0349

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and...

CVE-2015-1650

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote...

Buffer overflow

Buffer overflow in daswatchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable...

CVE-2015-2831

Buffer overflow in daswatchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable...

Debian DSA-3222-1 : chrony - security update

Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony, an alternative NTP client and server : - CVE-2015-1821 Using particular address/subnet pairs when configuring access control would cause an invalid memory write. This could allow attackers to cause a denial of service cras...