5353 matches found

UbuntuCve
added 2015/01/30 11:59 a.m. | 32 views

CVE-2014-4479

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different...

CVSS 6.8 | AI score 6.2 | EPSS 0.00913
Exploits 0 | References 7
Cvelist
added 2015/01/27 3:00 p.m. | 28 views

CVE-2015-1182

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted...

AI score 6.4 | EPSS 0.01697
Exploits 0 | References 8
UbuntuCve
added 2015/01/27 12:00 a.m. | 60 views

CVE-2015-0231

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate...

CVSS 7.5 | AI score 7.1 | EPSS 0.87334
Exploits 5 | References 2
NVD
added 2015/01/26 3:59 p.m. | 17 views

CVE-2014-8157

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow...

CVSS 7.5 | AI score 7.5 | EPSS 0.05821
Exploits 0 | References 18
UbuntuCve
added 2015/01/26 3:59 p.m. | 24 views

CVE-2014-8148

The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges...

CVSS 7.2 | AI score 6.2 | EPSS 0.00071
Exploits 0 | References 1
CVE
added 2015/01/26 3:00 p.m. | 118 views

CVE-2014-8157

JasPer (JPEG-2000 reference implementation) is affected by CVE-2014-8157 due to an off-by-one error in jpc_dec_process_sot that can cause a heap-based buffer overflow. A crafted JPEG 2000 image could lead to a crash or, in some cases, remote arbitrary code execution. Affected releases are JasPer ...

CVSS 7.5 | AI score 6.4 | EPSS 0.05821
Exploits 0 | References 18 | Affected Software 1
Tenable Nessus
added 2015/01/23 12:00 a.m. | 45 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-471) (POODLE)

A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and...

CVSS 10 | AI score 6.7 | EPSS 0.93538
Exploits 10 | References 13
UbuntuCve
added 2015/01/22 12:00 a.m. | 25 views

CVE-2014-8157

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow...

CVSS 7.5 | AI score 7.5 | EPSS 0.05821
Exploits 0 | References 4
NVD
added 2015/01/20 3:59 p.m. | 17 views

CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...

CVSS 6.8 | AI score 7.7 | EPSS 0.02462
Exploits 1 | References 7
Prion
added 2015/01/20 3:59 p.m. | 18 views

Format string

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...

CVSS 6.8 | AI score 8.3 | EPSS 0.02462
Exploits 1 | References 7 | Affected Software 1
Debian CVE
added 2015/01/20 3:00 p.m. | 19 views

CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...

CVSS 6.8 | AI score 7.8 | EPSS 0.02462
Exploits 1
Tenable Nessus
added 2015/01/19 12:00 a.m. | 31 views

Oracle Solaris Third-Party Patch Update : libtiff (cve_2013_4231_buffer_overflow)

The remote Solaris system is missing necessary patches to address security updates : - Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c...

CVSS 6.8 | AI score 8.6 | EPSS 0.18385
Exploits 0 | References 5
Tenable Nessus
added 2015/01/19 12:00 a.m. | 31 views

Oracle Solaris Third-Party Patch Update : libexif (multiple_vulnerabilities_in_libexif1)

The remote Solaris system is missing necessary patches to address security updates : - The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive...

CVSS 7.5 | AI score 6.4 | EPSS 0.04256
Exploits 0 | References 10
Tenable Nessus
added 2015/01/19 12:00 a.m. | 31 views

Oracle Solaris Third-Party Patch Update : icu (multiple_vulnerabilities_in_international_components)

The remote Solaris system is missing necessary patches to address security updates : - The International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVSS 7.5 | AI score 9.2 | EPSS 0.24107
Exploits 0 | References 4
NVD
added 2015/01/16 4:59 p.m. | 15 views

CVE-2014-9471

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command...

CVSS 7.5 | AI score 6.8 | EPSS 0.04258
Exploits 1 | References 10
CVE
added 2015/01/16 4:00 p.m. | 83 views

CVE-2014-9471

CVE-2014-9471 refers to a vulnerability in GNU coreutils where the parse_datetime() function can be triggered by a crafted date string (e.g., --date=TZ="123"345) to cause a crash or potentially execute arbitrary code. The initial description explicitly mentions denial of service (crash) and possi...

CVSS 7.5 | AI score 7.7 | EPSS 0.04258
Exploits 1 | References 10 | Affected Software 1
Cvelist
added 2015/01/16 4:00 p.m. | 41 views

CVE-2014-9471

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command...

AI score 9.5 | EPSS 0.04258
Exploits 1 | References 10
NVD
added 2015/01/15 3:59 p.m. | 13 views

CVE-2014-8398

Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9)...

CVSS 4.6 | AI score 7.3 | EPSS 0.07891
Exploits 1 | References 4
CVE
added 2015/01/15 3:00 p.m. | 40 views

CVE-2014-8396

Corel PDF Fusion is affected by a DLL hijacking vulnerability (untrusted search path) where the attacker can place a malicious quserex.dll in the same folder as the processed file, enabling local code execution. The CVE is CVE-2014-8396. The connected sources confirm the vulnerability scope and D...

CVSS 4.6 | AI score 7.6 | EPSS 0.07891
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2015/01/14 11:00 a.m. | 24 views

CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data...

AI score 9.7 | EPSS 0.01522
Exploits 0 | References 26