802 matches found
OpenSSL: Fix memory issues in BIO_*printf functions
Several flaws were found in the way BIOprintf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application...
SUSE-SU-2016:1149-1 Security update for freetype2
This update of the freetype2 library fixes two security issues: - An infinite loop in parseencoding in t1load.c CVE-2014-9745, bsc945849 - Use of uninitialized memory in psparserloadfield, t42parsefontmatrix and t1parsefontmatrix CVE-2014-9747, bsc947966...
MGASA-2016-0149 Updated java-1.8.0-openjdk packages fix security vulnerabilities
Updated java-1.8.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2016-0686, CVE-2016-0687. It wa...
CVE-2015-6175
The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability."...
PT-2015-2833 · Adobe +3 · Air Sdk & Compiler +7
Name of the Vulnerable Software and Affected Versions: Adobe Integrated Runtime versions affected versions not specified Adobe Flash Player versions affected versions not specified Adobe AIR versions affected versions not specified Adobe AIR SDK versions affected versions not specified Adobe AIR...
USN-2724-1 qemu, qemu-kvm vulnerabilities
It was discovered that QEMU incorrectly handled a PRDT with zero complete sectors in the IDE functionality. A malicious guest could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2014-9718 Donghai Zhu discovered that QEMU...
Microsoft Internet Explorer CStyleAttrArray Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
CVE-2015-4651
The dissectwccp2r1addresstableinfo function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service applicatio...
Google Chrome memory corruption vulnerability (CNVD-2015-02654)
Google Chrome is a web browser developed by the American company Google Google. Google Chrome versions prior to 42.0.2311.90, the function NaClSandbox::InitializeLayerTwoSandbox within components/nacl/loader/sandboxlinux/naclsandboxlinux.cc Failure to apply RLIMITAS and RLIMITDATA restrictions to...
USN-2550-1 firefox vulnerabilities
Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. CVE-2015-0801 Bobby Holley discovered that...
MS14-082: Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
The remote Windows host is running a version of Microsoft Office that is affected by a remote code execution vulnerability due to a use-after-free memory issue caused by Microsoft Word not properly handling objects in memory. A remote attacker can exploit this vulnerability by convincing a user t...
USN-2399-1 curl vulnerability
Symeon Paraschoudis discovered that curl incorrectly handled memory when being used with CURLOPTCOPYPOSTFIELDS and curleasyduphandle. This may result in sensitive data being incorrectly sent to the remote server...
Firefox ESR 24.x < 24.4 Multiple Vulnerabilities
The installed version of Firefox ESR 24.x is a version prior to 24.4. It is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist that could lead to arbitrary code execution. CVE-2014-1493, CVE-2014-1494 - A flaw exists in the checkHandshake function due to...
Thunderbird < 24.4 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird is a version prior to version 24.4. It is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist that could lead to arbitrary code execution. CVE-2014-1493, CVE-2014-1494 - An issue exists where extracted files for updates ar...
Firefox ESR 24.x < 24.4 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox ESR 24.x is prior to 24.4 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist that could lead to arbitrary code execution. CVE-2014-1493, CVE-2014-1494 - A flaw exists in the checkHandshake function due to improper...
Thunderbird < 24.2 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird is earlier than 24.2 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2013-5609, CVE-2013-5610 - Two use-after-free...
Debian DSA-2719-1 : poppler - several vulnerabilities
Multiple vulnerabilities were discovered in the poppler PDF rendering library. - CVE-2013-1788 Multiple invalid memory access issues, which could potentially lead to arbitrary code execution if the user were tricked into opening a malformed PDF document. - CVE-2013-1790 An uninitialized memory...
Debian: Security Advisory (DSA-2719-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apple Quick Time Player (Windows) 7.7.3 - Out of Bound Read
Apple Quick Time Player Windows 7.7.3 - Out of Bound Read Title: Apple Quick Time Player WindowsVersion 7.7.3 Out of Bound Read Date: 28th January,2013 Author: Debasish Mandal https://twitter.com/debasishm89 Blog : http://www.debasish.in/ Vendor Homepage: http://www.apple.com/ Software Link:...
Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read
Exploit for windows platform in category dos / poc Title: Apple Quick Time Player WindowsVersion 7.7.3 Out of Bound Read Date: 28th January,2013 Author: Debasish Mandal https://twitter.com/debasishm89 Blog : http://www.debasish.in/ Vendor Homepage: http://www.apple.com/ Software Link:...