6809 matches found
kernel: load_elf_binary() does not take account of the need to allocate sufficient space for the entire binary
A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...
GNU Binutils Denial of Service Vulnerability (CNVD-2017-33379)
GNU Binutils (a.k.a. GNU Binary Utilities or binutils) is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with linkers, assemblers, and other tools for object files and archives. The Binary File Descriptor (BFD) library a.k.a...
PT-2017-3830
Name of the Vulnerable Software and Affected Versions: Apache Solr versions prior to 5.5.5; Apache Solr versions prior to 6.6.2; Apache Solr versions prior to 7.1.0; Apache Lucene versions prior to 7.1.0. Description: The issue is related to the incorrect restriction of XML external entity references i...
Overflow vulnerability in WPS demo ppt reader module
WPS Office is an office software suite developed independently by Kingsoft Corporation. An overflow vulnerability exists in the pptreader module of WPS presentation (wpp.exe) in WPS when parsing a specific ppt file, which can be exploited by an attacker to cause a denial of service or execute...
Partner Perspectives – Detecting Ransomware: Behind the Scenes of an Attack
Editor's Note: This blog originally appeared on RedCanary.com. Ransomware has been the threat of the year. If you’ve had even a lazy eye on current events in information security, you’ve heard about the WannaCry infection that recently took out endpoints for hundreds of companies. By now you’ve...
CVE-2017-14604
An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a user into opening a .desktop file disguised as a document, such as a PDF, and execute...
CVE-2017-14604
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI...
Null Pointer Reference Vulnerability in WPS Demo kso Module
WPS Office is an office software suite developed independently by Kingsoft Corporation. A null pointer reference vulnerability exists in the kso module of WPS presentation (wpp.exe) in WPS when parsing a specific ppt file, which can be exploited by an attacker to cause a denial of service or lead t...
Memory Corruption Vulnerability in Yongzhong Office
Yongzhong Office is an independently controlled office learning software developed by Yongzhong Software Co. A memory corruption vulnerability exists in YozoImpress.exe, which can be exploited by attackers to cause a denial of service or can lead to code execution...
UBUNTU-CVE-2017-14529
The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file...
GNU Binutils Binary File Descriptor Library Denial of Service Vulnerability
GNU Binutils (a.k.a. GNU Binary Utilities or binutils) is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with linkers, assemblers, and other tools for object files and archives. The Binary File Descriptor (BFD) library a.k.a...
CVE-2017-10860
Untrusted search path vulnerability in "i-filter 6.0 installer" (timestamp of code signing is before 23 Aug 2017 (JST)) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...
Design/Logic Flaw
Untrusted search path vulnerability in "i-filter 6.0 installer" (timestamp of code signing is before 23 Aug 2017 (JST)) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...
JVN#75929834: Install program and Installer of i-フィルター 6.0 may insecurely load Dynamic Link Libraries and invoke executable files
i-フィルター 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-フィルター 6.0 install program and installer contain the following vulnerabilities. Lead to insecurely loading...
BlackCat CMS File Upload Vulnerability
BlackCat CMS is a content management system (CMS) based on PHP5 and HTML5 developed by Black Cat team. A security vulnerability exists in BlackCat CMS version 1.2.2, which stems from the program's failure to validate file extensions. The vulnerability can be exploited to upload files with extension...