1649 matches found
CVE-2017-14969
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114...
CVE-2017-14964
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c...
TG Soft Vir.IT eXplorer Lite Denial of Service Vulnerability (CNVD-2017-37938)
TG Soft Vir.IT eXplorer Lite is a suite of virus protection software. The program features anti-virus, anti-spyware, malware and virus detection. A denial of service vulnerability exists in the VIRAGTLT.SYS file in TG Soft Vir.IT eXplorer Lite version 8.5.65, which originates when the program fai...
Qemu: qemu-nbd crashes due to undefined I/O coroutine
An assertion-failure flaw was found in the Network Block Device NBD server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to...
undertow: IO thread DoS via unclean Websocket closing
It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...
undertow: IO thread DoS via unclean Websocket closing
It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...
undertow: IO thread DoS via unclean Websocket closing
It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...
Apple macOS High Sierra ImageIO Memory Corruption Vulnerability
Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers. imageIO is one of the static methods used to perform common image I/O operations. A security vulnerability exists in the ImageIO component of Apple macOS High Sierra versions prior to 10.13.1. A remote...
SUSE-SU-2017:2873-1 Security update for xen
This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host bsc10597...
ALPINE-CVE-2017-15589
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS or an arbitrary guest OS because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory...
USN-3444-2 linux-lts-xenial vulnerabilities
USN-3444-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO...
Sophos HitmanPro.Alert solution and Sophos Clean SurfRight HitmanPro denial of service vulnerabilities
Sophos HitmanPro.Alert solution and Sophos Clean are both virus protection software from Sophos UK.SurfRight HitmanPro is one of the malware scanning tools available. A security vulnerability exists in hitmanpro37.sys in versions prior to SurfRight HitmanPro 3.7.20 Build 286 in Sophos...
The vulnerability of the Android operating system’s IOCTL handler from the SAF repository, which allows a attacker to trigger a numerical overflow and write beyond the memory boundaries.
The vulnerability of the Android operating system’s IOCTL handler from the CAF repository arises due to synchronization errors when using a shared resource during a race condition. Exploiting this vulnerability can allow an attacker to trigger a full memory overflow and write beyond the memory...
CVE-2017-14398
rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection...
CVE-2017-14075
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL...
kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c
It was found that the Linux kernel can hit a BUGON statement in the xfsgetblocks in the fs/xfs/xfsaops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUGON instead of an I/O failure. This allows a local unprivileged attacke...
A vulnerability exists in the ioctl handler of the Android-based mobile application, allowing an attacker to gain access beyond the memory boundaries.
The vulnerability in the ioctl handler of the Android mobile application for the Android operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access beyond the memory boundaries due to the lack of...
ALPINE-CVE-2017-13766
In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...
openSUSE Security Update : freeradius-server (openSUSE-2017-972)
This update for freeradius-server fixes the following issues : - update to 3.0.15 bsc1049086 - Bind the lifetime of program name and python path to the module - CVE-2017-10978: FR-GV-201: Check input / output length in makesecret bsc1049086 - CVE-2017-10983: FR-GV-206: Fix read overflow when...
Adiscon rsyslog zmq3 input and output module string vulnerability
Adiscon rsyslog is a multithreaded enhancement of syslogd from Adiscon Germany, which is mainly used to collect system logs. zmq3 input and output modules is one of the input and output modules. A security vulnerability exists in the zmq3 input and output module in versions of Adiscon rsyslog pri...