CVE-2017-0419

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally...

CVE-2017-0418

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally...

UBUNTU-CVE-2017-0450

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A...

Code injection

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server...

CVE-2016-8932

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server...

Code injection

IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server...

CVE-2016-6124

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server...

CVE-2016-8921

IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server...

CVE-2016-8225

Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges...

Out-of-bounds

The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG image. The vulnerability could lead to information disclosure; ...

libupnp: Multiple vulnerabilities

Background libupnp is a portable, open source, UPnP development kit. Description Multiple vulnerabilities have been discovered in libupnp. Please review the CVE identifiers referenced below for details. Impact A remote attack could arbitrarily write files to a users file system, cause a Denial of...

Mapserver Buffer Overflow Vulnerability

MapServer is an open source web mapping software. A buffer overflow vulnerability exists in Mapserver that could allow a remote user to crash the service or possibly execute arbitrary code...

DEBIAN-CVE-2016-10006

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input a tag that supports style with active content, you could bypass the library protections and supply executable code. The impact is XSS...

Arbitrary Code Execution Vulnerability in the Kernel Component of Multiple Apple Products (CNVD-2016-12824)

Apple iOS, watchOS, macOS, and tvOS are products of Apple Inc. Apple iOS is an operating system for mobile devices; watchOS is a smartwatch operating system. kernel is a kernel component. A security vulnerability exists in the Kernel component of several Apple products. A local attacker could...

Apple iOS APPLE-SA-2016-12-12-1 has multiple vulnerabilities (CNVD-2016-12705)

Apple iOS is an operating system developed for mobile devices. Apple iOS has multiple vulnerabilities. An attacker can exploit the vulnerabilities to bypass security restrictions, execute arbitrary code or perform unauthorized actions, and obtain sensitive information...

Microsoft Edge Memory Corruption (MS16-145: CVE-2016-7286)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a memory corruption when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption...

KLA10921 Multiple vulnerabilities in Microsoft Office

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain priveleges. Below is a complete list of vulnerabilities: 1. Memory corruption vulnerabilit...

CVE-2016-9428

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTML page...

USN-3143-1 c-ares vulnerability

Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2016-7196

Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."...