CVE-2016-5841

Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service segmentation fault or possibly execute arbitrary code via vectors involving the offset variable...

CVE-2016-5841

Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service segmentation fault or possibly execute arbitrary code via vectors involving the offset variable...

CVE-2016-5841

Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service segmentation fault or possibly execute arbitrary code via vectors involving the offset variable...

Microsoft Office Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the...

Microsoft Office Information Disclosure (MS16-148: CVE-2016-7265)

An information disclosure vulnerability was discovered within Microsoft Office. The vulnerability is due to reading out of bound memory due to an uninitialized variable which could disclose the contents of memory. A remote attacker can exploit this issue by enticing a victim to open a specially...

Microsoft Office Information Disclosure (MS16-148: CVE-2016-7264)

An information disclosure vulnerability exists within Microsoft Office. The vulnerability occurs due to an out-of-bound memory read as a result of an uninitialized variable, and could be used to disclose the memory content. A remote attacker can exploit this issue by enticing a victim to open a...

Design/Logic Flaw

In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to...

CVE-2016-9638

In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to...

Downloads Resources over HTTP

Overview Affected versions of macaca-chromedriver-zxa insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in cod...

DEBIAN-CVE-2016-9178

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...

SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2016:2904-1)

This update for sudo fixes the following security issues : - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality : - noexec bypass via system and popen CVE-2016-7032, bsc1007766 - noexec bypass via wordexp CVE-2016-7076, bsc1007501 - Fix unsafe handling of TZ...

SUSE-SU-2016:2904-1 Security update for sudo

This update for sudo fixes the following security issues: - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: noexec bypass via system and popen CVE-2016-7032, bsc1007766 noexec bypass via wordexp CVE-2016-7076, bsc1007501 - Fix unsafe handling of TZ...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC CP 1543-1 All versions V2.0.28, SIPLUS NET CP 1543-1 All versions V2.0.28. Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these...

SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2859-1) (httpoxy)

This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed : - CVE-2016-1000110: CGIHandler could have allowed setting of HTTPPROXY environment variable based on user-supplied Proxy request header. bsc989523 - CVE-2016-0772: A...

Microsoft Edge - Array.filter Information Leak

Microsoft Edge - Array.filter Information Leak var b = new Array1,2,3; var d = new Array1,2,3; class dummy constructor alert"in constructor"; return d; class MyArray extends Array // Overwrite species to the parent Array constructor static get Symbol.species alert"get"; b0 = ; return dummy; var a...

Race condition

Race condition in the environread function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc//environ file during a process-setup time interval in which environment-variable copying is incomplete...

php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the zero, one, or two global variable, which allows remote attackers to cause a denial of service or possibl...

Oracle Linux 7 : php (ELSA-2016-2598)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2598 advisory. - bz2: fix improper error handling in bzread CVE-2016-5399 - gd: fix integer overflow in gd2GetHeader resulting in heap overflow CVE-2016-5766 - gd: fi...

tomcat security, bug fix, and enhancement update

0:7.0.69-10 - Related: rhbz1368122 0:7.0.69-9 - Resolves: rhbz1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - Resolves: rhbz1368122 0:7.0.69-7 - Resolves: rhbz1362545 0:7.0.69-6 - Related: rhbz1201409 Added /etc/sysconfig/tomcat to the systemd unit fo...

Microsoft Office Word Viewer Information Disclosure Vulnerability (3199168)

This host is missing an important security update according to Microsoft Bulletin MS16-133. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...