kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary

A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable PIE, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...

kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary

A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable PIE, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...

kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary

A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable PIE, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...

kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary

A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable PIE, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...

kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary

A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable PIE, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...

The vulnerability of the yaml.load function in the Databook loading library for the Python Tablib library allows a attacker to execute any command.

The vulnerability of the yaml.load function in the Databook loading library of the Python Tablib library is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...

UBUNTU-CVE-2017-14630

In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file inpcx.cpp, leading to an invalid write operation...

Debian DLA-1100-1 : gdk-pixbuf security update

Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK Pixbuf library, which may result in the execution of arbitrary code if a malformed file is opened. For Debian 7 'Wheezy', these problems have been fixed in version 2.26.1-1+deb7u6. We recommend that you upgrade your gdk-pixbuf...

[SECURITY] [DLA 1100-1] gdk-pixbuf security update

Package : gdk-pixbuf Version : 2.26.1-1+deb7u6 CVE ID : CVE-2017-2862 Debian Bug : 874552 Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK Pixbuf library, which may result in the execution of arbitrary code if a malformed file is opened. For Debian 7 "Wheezy", these problems...

Debian DSA-3978-1 : gdk-pixbuf - security update

Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK Pixbuf library, which may result in the execution of arbitrary code if a malformed file is opened. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

VulnCheck KEV: CVE-2017-20201

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API...

Debian: Security Advisory (DSA-3978-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the Android operating system’s loader from the CAF repository allows a hacker to execute arbitrary code within the kernel context.

The vulnerability of the Android operating system’s loader from the CAF repository is caused by a numerical overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code within the kernel context...

EulerOS 2.0 SP2 : glibc (EulerOS-SA-2017-1200)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A stack overflow vulnerability was found in nan functions that could cause applications, which process long strings with the nan function, to cra...

EulerOS 2.0 SP1 : glibc (EulerOS-SA-2017-1199)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A stack overflow vulnerability was found in nan functions that could cause applications, which process long strings with the nan function, to cra...

DEBIAN-CVE-2017-2862

An exploitable heap overflow vulnerability exists in the gdkpixbufjpegimageloadincrement functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability...

Monitoring Windows Console Activity (Part 1)

Introduction While performing incident response, Mandiant encounters attackers actively using systems on a compromised network. This activity often includes using interactive console programs via RDP such as the command prompt, PowerShell, and sometimes custom command and control C2 console tools...

Hijacking Autoloader

symfony/class-loader is susceptible to the hijacking of the autoloader. The vulnerability exists because it does not prevent the ability to access the loader instance, resulting in the auto-outputting or revealing unwanted information...

UBUNTU-CVE-2017-13133

In ImageMagick 7.0.6-8, the loadlevel function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service loadtile memory exhaustion via a crafted file...

Scientific Linux Security Update : glibc on SL7.x x86_64 (20170801)

Security Fixes : - A stack overflow vulnerability was found in nan functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. CVE-2014-9761 - It was found that out-of-range time values passed to the strftime functio...