327 matches found
RHEL 7 : glusterfs (RHSA-2018:1954)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1954 advisory. GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance fo...
WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access Exploit
Exploit for multiple platform in category dos / poc There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following code: sizet temporali...
WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access
There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following code: sizet temporalidx = info.gof-temporalidxgofidx; ... for sizet l = 0...
Xxe
Multiple XML external entity XXE vulnerabilities in 1 CQWeb / CM Server, 2 ClearQuest Native client, 3 ClearQuest Eclipse client, and 4 ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1....
[SECURITY] Fedora 24 Update: chromium-native_client-59.0.3071.86-1.20170607gitaac1de2.fc24
Google's "pnacl" toolchain for native client support in Chromium. Depends on their older "nacl" toolchain, packaged separately...
[SECURITY] Fedora 25 Update: chromium-native_client-59.0.3071.86-1.20170607gitaac1de2.fc25
Google's "pnacl" toolchain for native client support in Chromium. Depends on their older "nacl" toolchain, packaged separately...
[SECURITY] Fedora 26 Update: chromium-native_client-59.0.3071.86-1.20170607gitaac1de2.fc26
Google's "pnacl" toolchain for native client support in Chromium. Depends on their older "nacl" toolchain, packaged separately...
[SECURITY] Fedora 26 Update: chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc26
Google's "pnacl" toolchain for native client support in Chromium. Depends on their older "nacl" toolchain, packaged separately...
[SECURITY] Fedora 24 Update: chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc24
Google's "pnacl" toolchain for native client support in Chromium. Depends on their older "nacl" toolchain, packaged separately...
[SECURITY] Fedora 25 Update: chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc25
Google's "pnacl" toolchain for native client support in Chromium. Depends on their older "nacl" toolchain, packaged separately...
Fedora Update for chromium-native_client FEDORA-2016-c671aae490
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 25 Update: chromium-native_client-54.0.2840.59-1.20161013git090f907.fc25
Google's "pnacl" toolchain for native client support in Chromium. Depends on their older "nacl" toolchain, packaged separately...
[SECURITY] Fedora 24 Update: chromium-native_client-54.0.2840.59-1.20161013git090f907.fc24
Google's "pnacl" toolchain for native client support in Chromium. Depends on their older "nacl" toolchain, packaged separately...
CVE-2015-3335
Removed by vendor...
Google Chrome < 42.0.2311.90 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update14 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers...
Google Chrome < 42.0.2311.90 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update14 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attacke...
How To Run Android Apps in Chrome Browser with Google ARC
Last year at Google I/O developer event, Google launched a limited beta "App Runtime for Chrome" ARC project, which now expanded to run millions of Android apps within Chrome browser. Google has released a new developer tool called App Runtime for Chrome ARC Welder that allows Android apps to run...
DRAM Rowhammer vulnerability Leads to Kernel Privilege Escalation
Security researchers have find out ways to hijack the Intel-compatible PCs running Linux by exploiting the physical weaknesses in certain varieties of DDR DRAM double data rate dynamic random-access memory chips and gaining higher kernel privileges on the system. The technique, dubbed "rowhammer"...
Rowhammer - NaCl Sandbox Escape
Rowhammer - NaCl Sandbox Escape Sources: http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html https://code.google.com/p/google-security-research/issues/detail?id=284 Full PoC:...
Exploiting the DRAM rowhammer bug to gain kernel privileges
Rowhammer blog post draft Posted by Mark Seaborn, sandbox builder and breaker, with contributions by Thomas Dullien, reverse engineer This guest post continues Project Zero’s practice of promoting excellence in security research on the Project Zero blog Overview “Rowhammer” is a problem with some...