1417 matches found
kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation
A bug in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel has been found. A memory protection mechanism ensuring that user-provided buffers always point to userspace memory was disabled, allowing the destination address to be in kernel space...
CVE-2015-9174
CVE-2015-9174 describes a memory overwrite risk in QSEE due to lack of validation of a return value before buffer allocation. Affected Qualcomm Snapdragon Mobile devices include SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810. The CVSS 3.0 base score is 9.8 (CRITICAL) with network attack ...
CVE-2015-9174
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, lack of validation of the return value prior to using for buffer allocation in QSEE application, TQS, may result in memory overwrite...
CVE-2017-9634
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash...
CVE-2017-9634
CVE-2017-9634 affects Mitsubishi Electric Europe B.V. E-Designer, Version 7.52 Build 344. The vulnerability is an out-of-bounds write/overflow in multiple code sections that can overwrite memory, enabling arbitrary code execution, data integrity compromise, DoS, and system crash. Public sources d...
Denial Of Service (DoS) Through Buffer Overflow
libtiff.so is vulnerable to buffer overflows. A malicious user can pass an image to the readContigStripsIntoBuffer function in tifunix.c to cause a buffer overflow that can crash the system or overwrite memory from another application...
CURL-CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write
curl can be fooled into writing a zero byte out of bounds. This bug can trigger when curl is told to work on an FTP URL, with the setting to only issue a single CWD command (--ftp-method singlecwd or the libcurl alternative CURLOPT_FTP_FILEMETHOD). curl then URL-decodes the given path, calls strlen o...
openSUSE Security Update : freeimage (openSUSE-2018-121)
This update for freeimage fixes one issue. This security issue was fixed: - CVE-2016-5684: Prevent out-of-bounds write vulnerability in the XMP image handling functionality. A specially crafted XMP file could have caused an arbitrary memory overwrite resulting in code execution (boo#1002621)...
CVE-2017-14873
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur...
Code injection
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur...
SUSE-SU-2017:3324-1 Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)
This update for the Linux Kernel 4.4.82-66 fixes several issues. The following security issues were fixed: - CVE-2017-1000405: Problematic use of pmd_mkdirty() in the touch_pmd() function allowed users to overwrite read-only huge pages (e.g. the zero huge page and sealed shmem files) (bsc#1070307). -...
Memory corruption
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a memory allocation without a length field validation in the mobicore driver which can result in an undersize buffer allocation. Ultimately this can result in a kernel memory...
BSA-2017-473
Security Advisory ID: BSA-2017-473. Component: Kernel. Revision: 2.0: Final. On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value from the signal frame as the...
CVE-2017-1000255
On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value from the signal frame as the kernel stack pointer. As part of the exception entry the content of the signa...
Oracle OIT IX SDK GIF ImageWidth Code Execution Vulnerability (CVE-2016-3583)
Description: While parsing a specially crafted GIF file, an integer overflow vulnerability can result in an out-of-bounds heap memory overwrite, potentially leading to arbitrary code execution. Tested Versions: Oracle Outside In IX sdk 8.5.1. Product URLs...
Oracle OIT IX SDK TIFF file parsing heap buffer overflow (CVE-2016-3582)
Description: While parsing a specially crafted TIFF file, a parser confusion can lead to a heap buffer overflow resulting in an out-of-bounds memory overwrite and possibly leading to arbitrary code execution. Tested Versions: Outside In IX sdk 8.5.1. Product URLs...