All Vulnerabilities

  • Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-7256)
     Severity:    
     Publish Date:  21 December 2016
    < div id="listDescVul"class="pane showpane noborder" >
    A remote code vulnerability exists when Microsoft Windows fails to properly parse OpenType fonts. An attacker who successfully exploited this vulnerability could take control of the affected system.
  • Internet Explorer Memory Corruption Vulnerability (CVE-2013-3143)
     Severity:    
     Publish Date:  21 December 2016
    < div id="listDescVul"class="pane showpane noborder" >
    Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3161.
  • Internet Explorer COMWindowProxy Use After Free Vulnerability (CVE-2013-0019)
     Severity:    
     Publish Date:  21 December 2016
    < div id="listDescVul"class="pane showpane noborder" >
    There exists a remote code execution vulnerability in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
  • Internet Explorer Use After Free Vulnerability (CVE-2013-1309)
     Severity:    
     Publish Date:  21 December 2016
    < div id="listDescVul"class="pane showpane noborder" >
    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551.
  • Internet Explorer Memory Corruption Vulnerability (CVE-2013-3111)
     Severity:    
     Publish Date:  21 December 2016
    < div id="listDescVul"class="pane showpane noborder" >
    Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.
  • Joomla Core Remote Privilege Escalation Vulnerability (CVE-2016-8869)
     Severity:    
     Publish Date:  21 December 2016
    < div id="listDescVul"class="pane showpane noborder" >
    Joomla Core is prone to multiple security-bypass vulnerabilities. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
  • Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-7255)
     Severity:    
     Publish Date:  21 December 2016
    < div id="listDescVul"class="pane showpane noborder" >
    An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Ознакомиться со статьей   
  • Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7201)
     Severity:    
     Publish Date:  21 December 2016
    < div id="listDescVul"class="pane showpane noborder" >
    Microsoft Edge Scripting Engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
  • Ruby On Rails XML Processor YAML Deserialization Code Execution Vulnerability
     Severity:    
     Publish Date:  21 December 2016
    < div id="listDescVul"class="pane showpane noborder" >
    active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
  • Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-6941)
     Severity:    
     Publish Date:  16 December 2016
    < div id="listDescVul"class="pane showpane noborder" >
    Adobe Acrobat and Reader are prone to an unspecified memory corruption vulnerability. Attackers can exploit the vulnerability to do code corruption, control-flow hijack, or information leak attack.