193 matches found
CVE-2021-40697
Adobe Framemaker versions 2019 Update 8 and earlier and 2020 Release Update 2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this...
AZL-6589 CVE-2021-38205 affecting package kernel for versions less than 5.10.78.1-1
drivers/net/ethernet/xilinx/xilinxemaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer i.e., the real IOMEM pointer...
ctf-writeups
This is a PoC exploit for a double free vulnerability in a binary. The exploit creates overlapping chunks on the heap, manipulates heap metadata, and overwrites the mallochook with a one-gadget address to execute /bin/sh. The challenge is interesting because it does not allow the exploitation of...
CVE-2020-24426
Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR...
UBUNTU-CVE-2020-14347
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable...
PT-2020-6251 · Sane +4 · Sane-Backends +4
Name of the Vulnerable Software and Affected Versions: SANE Backends versions prior to 1.0.30 Description: The issue is related to an out-of-bounds read in the SANE Backends interface, which provides access to scanning devices. This may allow a malicious device connected to the same local network...
DEBIAN-CVE-2019-19126
On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...
USN-4007-2 linux-aws-hwe, linux-hwe, linux-oracle vulnerability
USN-4007-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Federico Manuel Bento discovered that the Linux kernel did not properly apply Address...
Android Q — Google Adds New Mobile Security and Privacy Features
Google has recently released the first beta version of Android Q, the next upcoming version of Google's popular mobile operating system, with a lot of new privacy improvements and other security enhancements. Android Q, where Q has not yet been named, offers more control over installed apps, thei...
kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass
The acpismbushcadd function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call...
CVE-2018-5837
In Snapdragon Automobile, Mobile, Wear in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710,...
Code injection
In Snapdragon Automobile, Mobile, Wear in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710,...
CVE-2018-5837
The CVE-2018-5837 entry concerns Snapdragon SoCs (IPQ8074, MDM9xxx, SD series, etc.) where MAC address randomization during probe requests is compromised by a flawed RNG that outputs repeating values far sooner than expected. The description covers the affected devices and the root cause, but the...
UBUNTU-CVE-2018-5392
mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base...
Mozilla Firefox, Firefox ESR and Thunderbird Memory Corruption Vulnerability (CNVD-2018-12100)
Mozilla Firefox, Firefox ESR, and Thunderbird are products developed by the Mozilla Foundation.Firefox is an open source web browser, and Firefox ESR is an extended support version of Firefox.Thunderbird is a standalone email client from the Mozilla Thunderbird is a separate email client software...
DEBIAN-CVE-2018-7755
An issue was discovered in the fdlockedioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discove...
PT-2018-3026 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.15.8 Description: The issue is related to the fd locked ioctl function in the Linux kernel, specifically in the floppy driver. It allows an attacker to obtain a kernel pointer by sending the FDGETPRM ioctl,...
DEBIAN-CVE-2018-7273
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function showfloppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel...
UBUNTU-CVE-2018-7273
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function showfloppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel...
DEBIAN-CVE-2017-1000410
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. B...