CVE-2021-36010

Adobe Illustrator version 25.2.3 and earlier is affected by an out-of-bounds read vulnerability that could lead to disclosure of memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must ope...

drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e. the real IOMEM pointer).

...

UBUNTU-CVE-2021-38205

drivers/net/ethernet/xilinx/xilinxemaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer i.e., the real IOMEM pointer...

CVE-2020-24427

Acrobat Reader versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to...

CVE-2020-24426

Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR...

PYSEC-2020-128

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the datasplits argument of tf.rawops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after ...

PYSEC-2020-285

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the datasplits argument of tf.rawops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after ...

The vulnerability of the Windows operating system’s kernel, which allows a hacker to disclose protected information

The vulnerability of the Windows operating system’s kernel is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to disclose sensitive information, which may lead to bypassing ASLR Address Space Randomization protection mechanisms, through a specially...

ALPINE-CVE-2020-14347

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable...

PT-2020-3582 · Xorg +8 · Xorg-Server +8

Name of the Vulnerable Software and Affected Versions: Xorg-server versions prior to 1.20.9 Description: A flaw was found in the way xserver memory was not properly initialized, which could leak parts of server memory to the X client. In cases where the Xorg server runs with elevated privileges,...

DEBIAN-CVE-2020-12863

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083...

kernel: ASLR bypass for setuid binaries due to late install_exec_creds()

A flaw in the loadelfbinary function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because installexeccreds is called too late in this function...

kernel: ASLR bypass for setuid binaries due to late install_exec_creds()

A flaw in the loadelfbinary function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because installexeccreds is called too late in this function...

UBUNTU-CVE-2019-19126

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

ALPINE-CVE-2019-15681

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...

PT-2019-11440 · Gnu +1 · Glibc +1

Name of the Vulnerable Software and Affected Versions: GNU Libc affected versions not specified Description: The issue is related to a mitigation bypass, where an attacker may bypass ASLR using the cache of thread stack and heap. The component affected is glibc. It is noted that upstream comments...

PT-2019-11441 · Gnu +1 · Glibc +1

Name of the Vulnerable Software and Affected Versions: glibc affected versions not specified Description: The issue concerns a mitigation bypass in glibc, allowing an attacker to potentially guess the heap addresses of pthread-created threads. The vendor's stance is that ASLR bypass itself is not...

USN-4008-3 linux-lts-xenial, linux-aws vulnerabilities

USN-4008-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Robert Święcki discovered that the Linux kernel did not properly apply Address Space...

USN-4006-2 linux-hwe vulnerability

USN-4006-1 fixed a vulnerability in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space...

UBUNTU-CVE-2018-20022

LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak...