270 matches found
CVE-2016-5858
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs...
Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/windowskernel' require 'rex' require 'metasm' class MetasploitModule 'Razer Synapse rzpnk.sys ZwOpenProcess', 'Description' = %q A...
Razer Synapse rzpnk.sys ZwOpenProcess Exploit
A vulnerability exists in the latest version of Razer Synapse v2.20.15.1104 as of the day of disclosure which can be leveraged locally by a malicious application to elevate its privileges to those of NT AUTHORITY\SYSTEM. This module requires Metasploit: http://metasploit.com/download Current source...
Razer Synapse rzpnk.sys ZwOpenProcess
A vulnerability exists in the latest version of Razer Synapse v2.20.15.1104 as of the day of disclosure which can be leveraged locally by a malicious application to elevate its privileges to those of NT AUTHORITY\SYSTEM. The vulnerability lies in a specific IOCTL handler in the rzpnk.sys driver th...
CVE-2017-7368
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver...
Race condition
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver...
CVE-2017-7368
CVE-2017-7368 affects Android releases from CAF that use the Linux kernel. The issue is a race condition in the ioctl handler of a sound driver, identified as the root cause in the description. The access vector is local, with user interaction required, and the impact is described as high for con...
macOS Kernel 10.12.3 (16D32) - audit_pipe_open Off-by-One Memory Corruption Exploit
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1126 MacOS kernel memory corruption due to off-by-one in audit_pipe_open. audit_pipe_open is the special file open handler for the auditpipe device (major number 10). Here's the code:...
Apple macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1126 MacOS kernel memory corruption due to off-by-one in audit_pipe_open. audit_pipe_open is the special file open handler for the auditpipe device (major number 10). Here's the code: static int audit_pipe_open(dev_t dev, __unused int flags,...
Android ssp_batch_ioctl Out-Of-Bounds Write Exploit
Android suffers from an out-of-bounds write in ssp_batch_ioctl. Android: OOB write in ssp_batch_ioctl. SensorHub exposes a character device under /dev/batchio which can be used in order to send instructions to batches of running sensors. The IOCTL handler from this device has the following high-level...
CVE-2016-4306
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2948-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2948-1 advisory. Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly validate the endpoints reported by the device. An...
Ubuntu: Security Advisory (USN-2930-3)
The remote host is missing an update for the...
USN-2932-1: Linux kernel (Vivid HWE) vulnerabilities
Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...
PonyOS 0.4.99-mlp - Multiple Vulnerabilities
Advisory: PonyOS Security Issues John Cartwright Introduction ------------ Like countless others, I was pretty excited about PonyOS yesterday April 1st 2013 and decided to give it a go. After wasting a lot of time nyan'ing, I knew this was the future of desktop OSes. However, I wondered how secur...
RedHat Update for kernel RHSA-2011:0007-01
Check for the Version of kernel. OpenVAS Vulnerability Test: RedHat Update for kernel RHSA-2011:0007-01. Authors: System Generated Check. Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Design/Logic Flaw
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving...
CVE-2009-1235
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving...