CVE-2014-9421

The authgssapiunwrapdata function in lib/rpc/authgssapimisc.c in MIT Kerberos 5 aka krb5 through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service use-after-free and...

CVE-2014-5352

The krb5gssprocesscontexttoken function in lib/gssapi/krb5/processcontexttoken.c in the libgssapikrb5 library in MIT Kerberos 5 aka krb5 through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to...

CVE-2014-9421

The authgssapiunwrapdata function in lib/rpc/authgssapimisc.c in MIT Kerberos 5 aka krb5 through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service use-after-free and...

Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2501-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2501-1 advisory. Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a...

CVE-2015-1501

The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor SAM allow remote attackers to execute arbitrary code via a UNC path to a crafted binary...

CVE-2015-0029

Microsoft Internet Explorer 6 and 8 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."...

Memory corruption

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."...

Memory corruption

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0052, and...

CVE-2015-0023

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0025...

Ubuntu: Security Advisory (USN-2495-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2495-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2495-1 advisory. A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker cou...

Microsoft Internet Explorer CVE-2015-0023 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Microsoft Internet Explorer Memory Corruption (MS15-009: CVE-2015-0020)

A use after free vulnerability exists, where Internet Explorer attempts use a CTreeNode object that has been deleted. This vulnerability could be leveraged to execute arbitrary code in the context of the current user...

Memory corruption

The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service memory corruption and execute arbitrary code via vectors related to the 1 GetGlobalSettings or 2 GetSiteProperties3 methods, which triggers a dereference of an...

CVE-2014-0603

The issue is Attachmate Reflection FTP Client’s rftpcom.dll ActiveX control (GetGlobalSettings, GetSiteProperties3) causing memory corruption leading to remote code execution. CVE-2014-0603 details: memory corruption with execution of arbitrary code via those methods on affected builds before 14....

CVE-2015-0241

The tochar function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service crash or possibly execute arbitrary code via a 1 large number of digits when processing a numeric...

Adobe Flash Player suffers from unspecified memory corruption vulnerability (CNVD-2015-00954)

Adobe Flash Player is a Flash file handling program. An unspecified memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to construct a malicious SWF file and trick a user into parsing it, which can be used in an application context to execute arbitrary code...

Google Chrome for Android suffers from an unspecified vulnerability (CNVD-2015-00944)

Google Chrome for Android is an Android-based browser. An unspecified vulnerability in Google Chrome for Android allows attackers to construct malicious web pages that can be tricked into parsing by users, which can execute arbitrary code or crash the application...

CVE-2015-0313

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different...

CVE-2014-4476

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different...