Vulnerability of Adobe AIR software, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information

Vulnerability exists in Adobe AIR due to the possibility of accessing information related to memory addresses. Exploiting this vulnerability allows an attacker to bypass the ASLR Address Space Layout Randomization protection mechanism...

The vulnerability in Microsoft.NET Framework software allows a malicious attacker to compromise the confidentiality of protected information.

Vulnerability exists in the Microsoft .NET Framework, and it allows attackers to circumvent the ASLR protection mechanism, which safeguards users against a wide range of vulnerabilities. Simply bypassing the protection mechanism itself does not allow the execution of arbitrary code. However,...

The vulnerability of the Flash Player software allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability exists in the Adobe Flash Player due to the possibility of accessing information related to memory addresses. Exploiting this vulnerability allows attackers to bypass the ASLR Address Space Layout Randomization protection mechanism...

The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability exists in Adobe Pepper Flash for Google Chrome, due to the possibility of accessing information related to memory addresses. Exploiting this vulnerability allows an attacker to bypass the ASLR Address Space Layout Randomization protection mechanism...

The vulnerability of the Windows operating system, which allows a hacker to bypass the ASLR protection mechanism

The vulnerability of the dynamically linked GDI32.dll library of the Windows operating system’s Graphics component is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass the ASLR protection mechanism...

OSX < 10.11.5 Multiple Vulnerabilities

Binary data 800143.prm...

CVE-2016-3216

GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors...

USN-3003-1: Linux kernel vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

USN-3001-1: Linux kernel (Vivid HWE) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

USN-2997-1: Linux kernel (OMAP4) vulnerabilities

Jann Horn discovered that eCryptfs improperly attempted to use the mmap handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service system crash or possibly execute arbitrary code with...

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-3001-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3001-1 advisory. Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use th...

Ubuntu 12.04 LTS : linux vulnerabilities (USN-2996-1)

Jann Horn discovered that eCryptfs improperly attempted to use the mmap handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service system crash or possibly execute arbitrary code with...

Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3004-1)

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-3000-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3000-1 advisory. Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use th...

Ubuntu 16.04 LTS : Linux kernel (Raspberry Pi 2) vulnerabilities (USN-2965-3)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2965-3 advisory. Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in the Linux kernel did not properly reference count file descriptors,...

Ubuntu 16.04 LTS : Linux kernel (Qualcomm Snapdragon) vulnerability (USN-2965-4)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2965-4 advisory. Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in the Linux kernel did not properly reference count file descriptors,...

USN-2965-4: Linux kernel (Qualcomm Snapdragon) vulnerability

Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the...

flashplugin: multiple issues

CVE-2016-1006 JIT spraying mitigation bypass These updates harden a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations. - CVE-2016-1015 CVE-2016-1019 arbitrary code execution These updates resolve type confusion vulnerabilities that could...

Adobe Flash Player Memory Misreference Vulnerability (CNVD-2016-02105)

Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A memory misreference vulnerability exists in Adobe Flash Player. An attacker could exploit this vulnerability to...

Linux ASLR Disablement Vulnerability

Linux ASLR address space layout randomization is a set of mechanisms for controlling memory address randomization in Linux systems. A security vulnerability exists in the Linux ASLR implementation. An attacker can exploit this vulnerability by setting the RLIMITSTACK resource to 'unlimited' to...