Apple Mac OSX Kernel - Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in Nvidia Geforce Driver

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=709 nvDevice::ReleaseDeviceTexture is external method 0x10a of userclient 5 of the geforce IOAccelerator. It takes a single uint argument text:000000000001BCD2 mov r14d, esi ... text:000000000001BD08 and r14d, 7FFFFFFFh -- clear...

Apple Mac OSX - Kernel Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=709 nvDevice::ReleaseDeviceTexture is external method 0x10a of userclient 5 of the geforce IOAccelerator. It takes a single uint argument text:000000000001BCD2 mov r14d, esi...

CVE-2015-8366

Array index error in smaldecodesegment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes...

CVE-2007-0157

Array index error in the urilookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service crash via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error tha...

Gentoo Security Advisory GLSA 201405-23

Gentoo Linux Local Security Checks GLSA 201405-23 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Amazon Linux: Security Advisory (ALAS-2014-452)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-4036

Array index error in the tcmvhostmaketpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted VHOSTSCSISETENDPOINT ioctl call. NOTE: the affected function w...

Memory corruption

Array index error in the tcmvhostmaketpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted VHOSTSCSISETENDPOINT ioctl call. NOTE: the affected function w...

CVE-2015-4036

Array index error in the tcmvhostmaketpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted VHOSTSCSISETENDPOINT ioctl call. NOTE: the affected function w...

CVE-2015-4036

Array index error in the tcmvhostmaketpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted VHOSTSCSISETENDPOINT ioctl call. NOTE: the affected function w...

QEMU Programmable Interrupt Timer Controller Heap Overflow Exploit

Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=419c4 The programmable interrupt timer PIT controller in QEMU does not correctly validate the channel number when performing IO writes to the device controller, allowing...

OracleVM 3.3 : xen (OVMSA-2015-0067)

The remote OracleVM system is missing necessary patches to address critical security updates : - x86/traps: loop in the correct direction in compatiret This is XSA-136. CVE-2015-4164 - pcnet: force the buffer access to be in bounds during tx 4096 is the maximum length per TMD and it is also...

CVE-2015-4036

Array index error in the tcmvhostmaketpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted VHOSTSCSISETENDPOINT ioctl call. NOTE: the affected function w...

Google Chrome < 41.0.2272.76 Multiple Vulnerabilities

Binary data 8684.pasl...

CVE-2015-1232

Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midimanagerusb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index...

CVE-2015-1232

Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midimanagerusb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index...

Out-of-bounds

Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midimanagerusb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index...

CVE-2015-1232

CVE-2015-1232 : In Google Chrome prior to 41.0.2272.76, an array index error in MidiManagerUsb::DispatchSendMidiData (media/midi/midi_manager_usb.cc) allows a remote attacker with renderer access to provide an invalid port index, triggering an out-of-bounds write and resulting in a Denial of Serv...

CVE-2014-9672

Array index error in the parsefond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service out-of-bounds read or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file...

Out-of-bounds

Array index error in the parsefond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service out-of-bounds read or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file...