The host is installed with VideoLAN VLC Media Player before 2.1.3 and is prone to divide-by-zero error vulnerability. A flaw is present in the application, which fails to handle a zero minimum and maximum data packet size in an ASF file. Successful exploitation allows attackers to cause a denial of service.
The host is installed with Wireshark 1.10.0 before 1.10.6 or 1.8.0 before 1.8.13 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a malformed packet trace file. Successful exploitation could allow attackers to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet ...
The host is installed with OpenSSL 1.0.1 before 1.0.1g and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle Heartbeart Extension packets. Successful exploitation could allow attackers to disclose sensitive information.
The host is installed with Wireshark 1.10.12 through 1.10.14 and is prone to a denial of service vulnerability. A flaw is present in the application, which mishandles a certain strdup return value. Successful exploitation could allow attackers to cause a denial of service (application crash).
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
The host is installed with Ghostscript 9.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted PostScript document. Successful exploitation could allow attackers to crash the service.
The host is installed with LibreOffice 6.2.x before 6.2.7 or 6.3.x before 6.3.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle the Windows 8.3 path equivalence component. Successful exploitation could allow attackers to trigger a document to execute LibreLogo via a Windows filename pseudonym.
A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host. An attacker who successfully exploited this vulnerability could cause a connected guest's computer to open a browser and navigate to a URL without consent from the guest. To exploit the vulnerability, an attacker would need to h ...