EUVD-2018-17162

Malware in sbrugna...

CVE-2025-51726

CyberGhostVPNSetup.exe Windows installer is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that may still be accepted by Windows signature verification...

CVE-2019-1010024

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat...

Ubuntu: Security Advisory (USN-4006-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4007-1: Linux kernel vulnerability

Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization ASLR in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. As a hardeni...

Design/Logic Flaw

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR...

CVE-2017-5927

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR...

MS14-046: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: August 12, 2014

MS14-046: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: August 12, 2014 View products that this article applies to.This update resolves a vulnerability in the Microsoft .NET Framework that could bypass the...

The vulnerability of the Internet Explorer browser, which allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The Internet Explorer browser contains a vulnerability in its ASLR component a mechanism for randomizing the address space, which is related to errors in the implementation of the address space limitation. Exploiting this vulnerability can allow a malicious actor to bypass the ASLR limitation and...

USN-2965-2: Linux kernel (Xenial HWE) vulnerabilities

USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in t...

Linux ASLR vulnerabilities: an attacker with unlimited disable ASLR（CVE-2 0 1 6-3 6 7 2-the vulnerability warning-the black bar safety net

! Recently, security personnel repair a Linux ASLR in a relatively old vulnerability, with x86 devices on the 3 2-bit application usage rights of any user, by the RLIMITSTACK resource is set to“unlimited”you can disable ASLR. The vulnerability CVE number CVE-2 0 1 6-3 6 7 2, The CNNVD number of...

MS KB3065820: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

The remote Windows host is missing KB3065820. It is, therefore, affected by the multiple vulnerabilities : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. CVE-2015-3096 - An unspecified memory address randomization flaw exists on Windows 7 64-bit...

CVE-2014-4122

Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability."...

Design/Logic Flaw

The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MSCOMCTL ASLR Vulnerability."...

CVE-2014-1809

The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MSCOMCTL ASLR Vulnerability."...

CVE-2014-0295

VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."...

CVE-2013-5057

The CVE-2013-5057 issue affects hxds.dll in Microsoft Office 2007 SP3 and Office 2010 SP1/SP2. The root cause is that hxds.dll does not implement ASLR, enabling remote attackers to execute arbitrary code via a crafted COM component on a web site viewed with Internet Explorer; this was observed in...