5353 matches found

Cvelist
added 2015/04/10 2:0 p.m. | 21 views

CVE-2015-1123

WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and...

AI score: 7.7 | EPSS: 0.02011
Exploits: 0 | References: 5
OpenVAS
added 2015/04/10 12:0 a.m. | 24 views

Six Apart Movable Type < 5.2.12, 6.0.x < 6.0.7 LFI Vulnerability

Six Apart Movable Type is prone to a local file inclusion (LFI) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.81049
Exploits: 5 | References: 2
Prion
added 2015/04/08 6:59 p.m. | 12 views

Buffer overflow

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive...

CVSS: 7.5 | AI score: 8.6 | EPSS: 0.05446
Exploits: 0 | References: 9 | Affected Software: 3
Cvelist
added 2015/04/08 6:0 p.m. | 27 views

CVE-2015-2782

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive...

AI score: 7.8 | EPSS: 0.05446
Exploits: 0 | References: 9
Cvelist
added 2015/04/08 6:0 p.m. | 20 views

CVE-2015-1317

Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists...

AI score: 7.8 | EPSS: 0.01436
Exploits: 0 | References: 2
Tenable Nessus
added 2015/04/06 12:0 a.m. | 28 views

F5 Networks BIG-IP : GNU C Library (glibc) vulnerability (SOL16364)

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not 'properly restrict the use of' the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string...

CVSS: 6.8 | AI score: 7.4 | EPSS: 0.00869
Exploits: 1 | References: 4
NVD
added 2015/04/01 10:59 a.m. | 18 views

CVE-2015-0814

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.01881
Exploits: 0 | References: 18
NVD
added 2015/04/01 10:59 a.m. | 23 views

CVE-2015-0803

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free)...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01906
Exploits: 0 | References: 7
NVD
added 2015/03/31 2:59 p.m. | 21 views

CVE-2015-2754

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF."...

CVSS: 6.8 | AI score: 7.5 | EPSS: 0.02149
Exploits: 0 | References: 6
CVE
added 2015/03/31 2:0 p.m. | 71 views

CVE-2015-2753

CVE-2015-2753 affects FreeXL prior to 1.0.0i. A crafted workbook sector can cause stack corruption, enabling remote denial of service or possible arbitrary code execution. Additional related CVEs (2754, 2776) are cited in the same advisories. Public sources describe remote code execution and DoS ...

CVSS: 6.8 | AI score: 7.8 | EPSS: 0.01918
Exploits: 0 | References: 6 | Affected Software: 1
Debian CVE
added 2015/03/31 2:0 p.m. | 22 views

CVE-2014-9706

The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.02765
Exploits: 1
Prion
added 2015/03/30 10:59 a.m. | 34 views

Integer overflow

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute...

CVSS: 7.5 | AI score: 8.9 | EPSS: 0.4271
Exploits: 1 | References: 21 | Affected Software: 5
CVE
added 2015/03/29 9:0 p.m. | 34 views

CVE-2013-7438

The CVE-2013-7438 entry concerns pbm212030, a PBM image processing tool. The vulnerability is described as multiple heap-based buffer overflows triggered by crafted PBM images, enabling remote attackers to cause a crash (DoS) or potentially execute arbitrary code. Reported vectors reference (1) s...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.01875
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2015/03/26 12:0 a.m. | 245 views

Debian DLA-67-1 : php5 security update

CVE-2014-3538 It was discovered that the original fix for CVE-2013-7345 did not sufficiently address the problem. A remote attacker could still cause a denial of service (CPU consumption) via a specially crafted input file that triggers backtracking during processing of an awk regular expression...

CVSS: 6.8 | AI score: 7.3 | EPSS: 0.33041
Exploits: 3 | References: 5
Debian CVE
added 2015/03/24 5:0 p.m. | 29 views

CVE-2015-0261

Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.01416
Exploits: 0
NVD
added 2015/03/20 2:59 p.m. | 15 views

CVE-2015-1803

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrar...

CVSS: 8.5 | AI score: 7.1 | EPSS: 0.0229
Exploits: 0 | References: 16
NVD
added 2015/03/20 2:59 p.m. | 16 views

CVE-2015-1802

The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file...

CVSS: 8.5 | AI score: 7.4 | EPSS: 0.02287
Exploits: 0 | References: 16
OSV
added 2015/03/20 2:59 p.m. | 4 views

CVE-2015-1802

The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file...

AI score: 7.3
Exploits: 0 | References: 16
Prion
added 2015/03/20 2:59 p.m. | 19 views

Out-of-bounds

The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file...

CVSS: 8.5 | AI score: 8 | EPSS: 0.02287
Exploits: 0 | References: 16 | Affected Software: 1
Debian CVE
added 2015/03/20 2:0 p.m. | 22 views

CVE-2015-1804

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary co...

CVSS: 8.5 | AI score: 6.8 | EPSS: 0.03074
Exploits: 0