203 matches found
CVE-2020-3679
u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...
PT-2020-20042 · Nextcloud +1 · Nextcloud Desktop Client +1
Name of the Vulnerable Software and Affected Versions: NextCloud Desktop Client version 2.6.4 Description: A memory corruption issue exists due to missing Address Space Layout Randomization ASLR and Data Execution Prevention DEP protections in the Windows version of the software, allowing memory...
Protection Mechanism Bypass
The kernel is vulnerable to Protection Mechanism Bypass. The startcode and endcode values in "/proc/pid/stat" were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization ASLR...
CVE-2018-21076
An issue was discovered on Samsung mobile devices with N7.x Exynos8890/8895 chipsets software. There is information disclosure a KASLR offset in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 April 2018...
Denial Of Service (DoS)
Kernel is vulnerable to denial of service DoS because kernel space address bits to derive IP ID may potentially break KASLR...
Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR
A flaw was found in the way the Linux kernel derived the IP ID field from a partial kernel space address returned by a nethashmix function. A remote user could observe this IP ID field to extract the kernel address bits used to derive its value, which may result in leaking the hash key and...
CVE-2019-19126
A vulnerability was discovered in glibc where the LDPREFERMAP32BITEXEC environment variable is not ignored when running binaries with the setuid flag on x8664 architectures. This allows an attacker to force system to utilize only half of the memory making the system think the software is 32-bit...
CVE-2014-5439
Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute...
CVE-2014-5439
Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute...
Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-4008-3)
USN-4008-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Robert Swiecki discovered that the Linux kernel did not properly apply Address Space...
Ubuntu: Security Advisory (USN-4008-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerability (USN-4006-2)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4006-2 advisory. USN-4006-1 fixed a vulnerability in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel...
Ubuntu: Security Advisory (USN-4007-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4006-1: Linux kernel vulnerability
Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization ASLR in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. As a hardeni...
KB4471324: Windows 10 Version 1803 and Windows Server Version 1803 December 2018 Security Update
The remote Windows host is missing security update 4471324. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could...
NetSpectre — New Remote Spectre Attack Steals Data Over the Network
A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system. Dubbed "NetSpectre," the new remote side-channel attack, which is related to Spectre...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization ASLR bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization ASLR bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a...
KB4093115: Windows 8.1 and Windows Server 2012 R2 April 2018 Security Update
The remote Windows host is missing security update 4093115 or cumulative update 4093114. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory. CVE-2018-1009 - ...
Microsoft Windows Multiple Vulnerabilities (KB4088787)
This host is missing a critical security update according to Microsoft KB4088787 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...