All Vulnerabilities

Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-7256)
 Severity:    
 Date Published:  21 Dec 2016
A remote code vulnerability exists when Microsoft Windows fails to properly parse OpenType fonts. An attacker who successfully exploited this vulnerability could take control of the affected system.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3143)
 Severity:    
 Date Published:  21 Dec 2016
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3161.
There exists a remote code execution vulnerability in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Use After Free Vulnerability (CVE-2013-1309)
 Severity:    
 Date Published:  21 Dec 2016
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3111)
 Severity:    
 Date Published:  21 Dec 2016
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.
Joomla Core Remote Privilege Escalation Vulnerability (CVE-2016-8869)
 Severity:    
 Date Published:  21 Dec 2016
Joomla Core is prone to multiple security-bypass vulnerabilities. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-7255)
 Severity:    
 Date Published:  21 Dec 2016
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Microsoft Edge Scripting Engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-6941)
 Severity:    
 Date Published:  16 Dec 2016
Adobe Acrobat and Reader are prone to an unspecified memory corruption vulnerability. Attackers can exploit the vulnerability to do code corruption, control-flow hijack, or information leak attack.

Featured Stories