4371 matches found
Windows Kernel double fetches in win32kfull!xxxImeWindowPosChanged and win32kfull!InternalRebuildHwndListForIMEClass( CVE-2018-0809)
We have noticed the following code in the win32kfull!xxxImeWindowPosChanged function on Windows 10 version 1709 32-bit listing from the IDA Pro disassembler: .text:000485A4 ; try // except at locF3502 .text:000485A4 mov ebp+msexc.registration.TryLevel, 0 .text:000485AB mov eax, ecx .text:000485AD...
ZZIPlib Denial of Service Vulnerability (CNVD-2018-05513)
ZZIPlib is a set of lightweight file compression tools. A security vulnerability exists in the 'zzipfetchdisktrailer' function of the zzip/zip.c file in ZZIPlib version 0.13.67. A remote attacker can exploit this vulnerability to cause a denial of service with a specially crafted zip file...
The vulnerability of the Fetch API interface in Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows a perpetrator to trigger a service failure.
The vulnerability of the Fetch API interface in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Updated php-smarty packages fix security vulnerability
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template nameCVE-2017-1000480...
CVE-2017-3160
CVE-2017-3160 affects Apache Cordova for Android, where on first add/build the Gradle tool is downloaded via an HTTP (not HTTPS) URI by default. This enables a man-in-the-middle (MiTM) attack that can tamper with the Gradle distribution, since the downloaded Gradle executable is immediately execu...
UBUNTU-CVE-2018-6484
In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the zzipfetchdisktrailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file...
chrome:Cross-origin object leak via fetch
VULNERABILITY DETAILS The promise returned by fetch.callcrossOriginWindow is created in the cross-origin context. Direct cross-origin scripting is not possible because cross-origin function constructors don't work anymore issue 541703 . But the attacker can e.g. call other functions of the...
CVE-2018-5092
A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox 58...
UBUNTU-CVE-2018-5092
A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox 58...
bind: Improper fetch cleanup sequencing in the resolver can cause named to crash
A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion...
bind: Improper fetch cleanup sequencing in the resolver can cause named to crash
A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion...
USN-3535-1 bind9 vulnerability
Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...
CODE EXECUTION (CVE-2018-5189) WALKTHROUGH ON JUNGO WINDRIVER 12.5.1
INTRODUCTION Windows kernel exploitation can be a daunting area to get into. There are tons of helpful tutorials out there and originally this post was going to add to that list. This is the story of how I found CVE-2018-5189 and a complete walkthrough of the exploit development cycle. The idea w...
CVE-2017-3145
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1...
UBUNTU-CVE-2017-3145
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1...
Fedora 27 : curl (2017-b25c8a7087)
fix buffer overflow while processing IMAP FETCH response CVE-2017-1000257 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
CVE-2018-5189
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service buffer overflow or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability...
CVE-2018-5189
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service buffer overflow or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability...
Race condition
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service buffer overflow or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability...
CVE-2018-5189
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service buffer overflow or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability...