Apple MAC OS X LZVN Compression Memory Leak Vulnerability

Apple Mac OS X is a commercial operating system. A security vulnerability in Apple Mac OS X LZVN compression handling allows an attacker to run a malicious application to obtain memory layout information...

Apple MAC OS X NTFS Memory Layout Disclosure Vulnerability

Apple Mac OS X is a commercial operating system. A security vulnerability exists in Apple Mac OS X NTFS that allows local attackers to exploit the vulnerability to run malicious applications to obtain kernel memory layout...

Microsoft refused to fix the 3 2-bit the IE vulnerability, the reason given is: 3 2-bit programs to be eliminated-vulnerability warning-the black bar safety net

! HP security expert Dustin Childs recently disclosed one that affects millions of 3 2-bit Windows systems the IE vulnerability. Looks pretty serious isn't it? However, Microsoft does not seem to intend to fix this vulnerability...... This is a based on ASLR, address space layout randomization of...

UBUNTU-CVE-2015-5073

Heap-based buffer overflow in the findfixedlength function in pcrecompile.c in PCRE before 8.38 allows remote attackers to cause a denial of service crash or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an...

Google Chrome < 43.0.2357.124 Multiple Vulnerabilities

Binary data 8783.pasl...

ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)

An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...

kernel: partial ASLR bypass through TLS base addresses leak

An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage TLS during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process...

on windows systems use the VS compiler to buffer overflow preventive measures-vulnerability warning-the black bar safety net

0x01 /GS --buffer security check If you use the/GS compile the program to insert code to detect possible overwrite the function return address of buffer overflows. If the occurrence of a buffer overflow, the system will display to the user a warning dialog, and then terminate the program. Thus, t...

APPLE-SA-2015-05-19-1 Watch OS 1.0.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-05-19-1 Watch OS 1.0.1 Watch OS 1.0.1 is now available and addresses the following: Certificate Trust Policy Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Update to the certificate trust policy Descriptio...

Debian DLA-219-1 : icu security update

Several vulnerabilities were discovered in the International Components for Unicode ICU library : CVE-2013-1569 Glyph table issue. CVE-2013-2383 Glyph table issue. CVE-2013-2384 Font layout issue. CVE-2013-2419 Font processing issue. CVE-2014-6585 Out-of-bounds read. CVE-2014-6591 Additional...

[SECURITY] [DLA 219-1] icu security update

Package : icu Version : 4.4.1-8+squeeze3 CVE ID : CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419 CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926 CVE-2014-7940 CVE-2014-9654 Several vulnerabilities were discovered in the International Components for Unicode ICU library:...

Microsoft VBScript ASLR Bypass Vulnerability

Microsoft Internet Explorer is a WEB-based browser. An unspecified ASLR bypass vulnerability exists in Microsoft Internet Explorer, which allows remote attackers to exploit the vulnerability to construct a malicious WEB page that can be tricked into parsing, bypassing security restrictions, and...

Adobe Flash Player Information Disclosure ASLR Protection Bypass Vulnerability (CNVD-2015-03205)

Adobe Flash Player is a Flash file processing program.Adobe AIR is a cross-operating system runtime library produced by Adobe, through which developers can take advantage of existing Web development technology. A memory information disclosure vulnerability exists in Adobe Flash Player/AIR's...

Adobe Flash Player Information Disclosure ASLR Protection Bypass Vulnerability (CNVD-2015-03206)

Adobe Flash Player is a Flash file processing program.Adobe AIR is a cross-operating system runtime library produced by Adobe, through which developers can take advantage of existing Web development technology. A memory information disclosure vulnerability exists in Adobe Flash Player/AIR's...

DLA-219-1 icu - security update

Bulletin has no description...

flash-plugin: information leaks leading to ASLR bypass (APSB15-09)

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses,...

Microsoft Windows JScript & VBScript Security Bypass Vulnerability (3057263)

This host is missing an important security update according to Microsoft Bulletin MS15-053. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

Microsoft Internet Explorer Memory Corruption (MS15-043: CVE-2015-1686)

A security feature bypass vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to JScript and VBScript engines not using Address Space Layout Randomization ASLR security feature when rendered in Internet Explorer. A remote attacker can exploit this issue by...

Google Chrome < 42.0.2311.152 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 42.0.2311.152. It is, therefore, affected by multiple vulnerabilities related to Adobe Flash : - An unspecified security bypass flaw exists that allows an attacker to disclose sensitive information. CVE-2015-3044 -...

Multiple Cross-Site Scripting Vulnerabilities in Pimcore userClassController.php

Pimcore is a purely object-oriented system based on the Zend Framework, written in PHP 5. The exportClassAction and exportCustomLayOutDefinitionAction functions in the Pimcore userClassController.php script fail to properly handle the 'id' GET parameter, allowing remote attackers to exploit...