192 matches found
UBUNTU-CVE-2017-13693
The acpi_ds_create_operands function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism in the kerne...
DEBIAN-CVE-2017-13693
The acpi_ds_create_operands function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism in the kerne...
UBUNTU-CVE-2017-11472
The acpi_ns_terminate function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism in the kernel throug...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability exists in Adobe Pepper Flash for Google Chrome, due to the possibility of accessing information related to memory addresses. Exploiting this vulnerability allows an attacker to bypass the ASLR (Address Space Layout Randomization) protection mechanism...
Microsoft Windows Win32k Information Leakage Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. A security feature bypass vulnerability exists in the Microsoft Windows kernel. A local attacker can exploit this vulnerability to retrieve the memory address of a kernel object, resulting in a kernel...
The vulnerability of the Flash Player software platform, which allows a violator to bypass the ASLR protection mechanism
The vulnerability of the Flash Player software is related to errors in security settings. Exploiting this vulnerability allows a malicious actor to bypass the ASLR protection mechanism by using JIT data...
UBUNTU-CVE-2016-3672
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid...
The vulnerability of the Windows operating system, which allows a hacker to bypass the ASLR protection mechanism
The vulnerability of graphical device interfaces in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass the ASLR protection mechanism...
The vulnerability of the Windows operating system, which allows a hacker to bypass the KASLR security mechanism
The vulnerability of the Windows operating system’s kernel is related to the lack of protection for service data. Exploiting this vulnerability allows a local attacker to bypass the KASLR protection mechanism through a specially crafted application...
The vulnerability of the Microsoft .NET Framework software platform, which allows a hacker to bypass the ASLR protection mechanism
The vulnerability of the Microsoft .NET Framework software lies in the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass ASLR protection by using a specially created website...
Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2015-07594)
Microsoft Windows is a series of operating systems designed for personal computer and server users from the American company Microsoft. Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and...
Microsoft .NET Framework Security Mechanism Bypass Vulnerability
Microsoft .NET Framework is a popular software development toolkit. A security mechanism bypass vulnerability exists in Microsoft .NET Framework versions 2.0 SP2, 3.5, and 3.5.1, which allows remote attackers to bypass the ASLR security mechanism via a crafted web site...
Hacking Team Android browser attack vulnerability analysis, Stage 2
A. Vulnerability introduction: This year's Hacking Team leak exposed exploit code targeting Android browser vulnerabilities in Android 4.0.x-4.3.x. The exploit code, by successive use of a plurality of browser and kernel vulnerabilities, is done through JavaScript to the virtual memory wri...
CentOS Update for kernel CESA-2015:1778 centos7
Check the version of kernel. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882285");...
kernel: ASLR bruteforce possible for vdso library
An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space...
kernel: ASLR bruteforce possible for vdso library
An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space...
Important: Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, whic...
kernel: ASLR bruteforce possible for vdso library
An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space...
FreeBSD : Adobe Flash Player -- critical vulnerabilities (1e63db88-1050-11e5-a4df-c485083ca99c)
Adobe reports: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve a vulnerability (CVE-2015-3096) that could be...
UBUNTU-CVE-2015-3097
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it...