1417 matches found

FreeBSD Advisory
added 2018/12/04 12:00 a.m. | 17 views

FreeBSD-SA-18:14.bhyve

FreeBSD-SA-18:14.bhyve Security Advisory, The FreeBSD Project. Topic: Insufficient bounds checking in bhyve(8) device model. Category: core. Module: bhyve. Announced: 2018-12-04...

CVSS 10 | AI score 7.7 | EPSS 0.00862
Exploits 0
Veracode
added 2018/11/19 5:45 a.m. | 23 views

Memory Overwrite

github.com/google/gvisor is vulnerable to memory overwrite attacks. The vulnerability is triggered through repeated calls of shmctl IPC_RMID, which forces a segment to be destroyed prematurely. The segment could then be reused and be accessible to a different process...

CVSS 9.8 | AI score 9 | EPSS 0.00157
Exploits 1 | References 2 | Affected Software 1
CNVD
added 2018/11/19 12:00 a.m. | 3 views

Google gVisor Elevation of Privilege Vulnerability

Google gVisor is a user-space kernel written in the Go language for use in Linux systems. A security vulnerability in the pkg/sentry/kernel/shm/shm.go file in versions of Google gVisor prior to 2018-11-01 stems from the program not handling reference counting correctly. An attacker could use the...

CVSS 9.8 | AI score 9.3 | EPSS 0.00157
Exploits 1 | References 1
OSV
added 2018/11/17 5:29 p.m. | 15 views

CVE-2018-19333

pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root but not escape the sandbox via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled...

CVSS 9.8 | AI score 6.6
Exploits 0 | References 2
CVE
added 2018/11/17 5:00 p.m. | 45 views

CVE-2018-19333

CVE-2018-19333 affects Google gVisor (pkg/sentry/kernel/shm/shm.go) prior to 2018-11-01. The issue arises from mishandled reference counting, allowing attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via IPC_RMID shmctl-related vectors. This is a m...

CVSS 9.8 | AI score 9.1 | EPSS 0.00157
Exploits 1 | References 2 | Affected Software 1
OSV
added 2018/11/01 1:29 p.m. | 1 views

DEBIAN-CVE-2016-2123

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...

CVSS 8.8 | AI score 7.8 | EPSS 0.00863
Exploits 0 | References 1
NVD
added 2018/11/01 1:29 p.m. | 16 views

CVE-2016-2123

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...

CVSS 8.8 | AI score 8.2 | EPSS 0.00863
Exploits 0 | References 4
OSV
added 2018/11/01 1:29 p.m. | 23 views

CVE-2016-2123

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...

CVSS 8.8 | AI score 4.1 | EPSS 0.00863
Exploits 0 | References 4
OSV
added 2018/11/01 1:29 p.m. | 3 views

ALPINE-CVE-2016-2123

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...

CVSS 8.8 | AI score 6.7 | EPSS 0.00863
Exploits 0 | References 1
Cvelist
added 2018/11/01 1:00 p.m. | 15 views

CVE-2016-2123

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...

CVSS 8.1 | AI score 8.4 | EPSS 0.00863
Exploits 0 | References 4
CVE
added 2018/11/01 1:00 p.m. | 165 views

CVE-2016-2123

CVE-2016-2123 affects Samba versions 4.0.0–4.5.2, where the routine ndr_pull_dnsp_name contains an integer wrap/overflow flaw in parsing data from the Samba AD ldb database. An attacker who can write to the dnsRecord attribute over LDAP (default: authenticated LDAP users can do so for new DNS obj...

CVSS 8.8 | AI score 8.3 | EPSS 0.00863
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2018/10/26 2:00 p.m. | 20 views

CVE-2018-15688 Out-of-Bounds write in systemd-networkd dhcpv6 option handling

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239...

CVSS 8.8 | AI score 8.9 | EPSS 0.0069
Exploits 0 | References 9
ThreatPost
added 2018/09/14 9:45 p.m. | 9 views

Researchers Heat Up Cold-Boot Attack That Works on All Laptops

A pair of researchers have developed an attack method that can bypass mitigations for cold-boot attacks on laptops. A physical attacker can compromise a laptop that’s in sleep mode, potentially lifting sensitive passwords, encryption keys and other information. The ramifications are, on the...

AI score 0.5
Exploits 0 | References 5
The Hacker News
added 2018/09/13 12:27 p.m. | 1 views

New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs

Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption. The attack is a new variation of a traditional Cold Boot Attack, which has been around since 2008 and lets attackers...

AI score 6.1
Exploits 0
OSV
added 2018/07/24 8:03 p.m. | 26 views

GHSA-HGGX-3H72-49WW Pillow Buffer overflow in ImagingLibTiffDecode

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file...

CVSS 6.9 | AI score 6.1 | EPSS 0.00146
Exploits 0 | References 8
GitHub Security Blog
added 2018/07/24 8:03 p.m. | 27 views

Pillow Buffer overflow in ImagingLibTiffDecode

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file...

CVSS 6.5 | AI score 6.7 | EPSS 0.00146
Exploits 0 | References 7 | Affected Software 1
OSV
added 2018/06/18 7:29 p.m. | 2 views

CVE-2018-10621

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the applicati...

CVSS 9.8 | AI score 6.5 | EPSS 0.02701
Exploits 0 | References 2
Veracode
added 2018/06/08 11:21 a.m. | 27 views

Denial Of Service (DoS)

libpoppler.so is vulnerable to denial of service (DoS) attacks. A malicious user can pass a PDF file to the isImageInterpolationRequired function in Splash.cc to cause a floating point exception that can crash the application or overwrite memory...

CVSS 7.8 | AI score 7.2 | EPSS 0.00272
Exploits 1 | References 2 | Affected Software 1
curl security advisories
added 2018/05/16 8:00 a.m. | 3 views

FTP shutdown response buffer overflow

curl might overflow a heap based memory buffer when closing down an FTP connection with long server command replies. When doing FTP transfers, curl keeps a spare "closure handle" around internally that is used when an FTP connection gets shut down since the original curl easy handle is then alrea...

CVSS 9.8 | AI score 8.6 | EPSS 0.00926
Exploits 0 | Affected Software 2
Tenable Nessus
added 2018/05/15 12:00 a.m. | 56 views

Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-029)

According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - An industry-wide issue was found in the way many modern microprocessor designs have implemented...

CVSS 7.8 | AI score 7.6 | EPSS 0.89595
Exploits 28 | References 11