5824 matches found
chromium-browser: Type confusion in extensions
The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...
Android Native Frameworks Library Information Disclosure Vulnerability
Android is a cell phone operating system based on the Linux open kernel. A security vulnerability exists in the implementation of the Native Frameworks Library in Android versions prior to 5.1.1 LMY48Z and 6.0 2015-12-01, which can be exploited by remote attackers to obtain sensitive information...
CVE-2015-6622
The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka intern...
Design/Logic Flaw
The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka intern...
CVE-2015-6622
The CVE-2015-6622 issue affects the Android Native Frameworks Library in Android versions before 5.1.1 LMY48Z and 6.0 before 2015-12-01. It is described as an information-disclosure vulnerability that could allow attackers to obtain sensitive information and bypass certain protections, demonstrat...
VLC DLL Hijack
Hi @ll, the executable installers ° of the videolan client VLC, see are vulnerable: 1. They load and execute a rogue/bogus/malicious ShFolder.dll '² and other DLLs like SetupAPI.dll or UXTheme.dll too eventually found in the directory they are started from the "application directory". For softwar...
The vulnerability of the Android operating system allows a perpetrator to gain privileges for various applications or cause service failures.
The vulnerability of the native_handle_create function in the Android operating system’s libcutils/native_handle.c file is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to gain privileges for various applications or cause service failures through a speciall...
Google Android libcutils 'native_handle_create()' function integer overflow vulnerability
Android is an operating system based on the Linux open kernel and is a mobile operating system announced on November 5, 2007 by Google Inc. Google Android suffers from an integer overflow vulnerability in the implementation of the libcutils 'native_handle_create' function, which can be exploited b...
UBUNTU-CVE-2015-6855
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a...
Android-libcutils library integer overflow leading to heap damage vulnerability discovery and exploit-vulnerability warning-the black bar safety net
Before reading this article, you should understand the Android Binder mechanism, the principles of the graphics system's BufferQueue, and the basic principles of the jemalloc heap manager. This article describes how to use the libcutils library stack damage vulnerability to get system_server permissions, this...
Adobe Flash - Setting Value Use-After-Free
Adobe Flash - Setting Value Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=360&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id In certain cases where a native AS2 class sets an internal atom to a value, it can lead to a...
Adobe Flash - Setting Value Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=360&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id In certain cases where a native AS2 class sets an internal atom to a value, it can lead to a use-after-free if the variable is a SharedObject. Whi...
Microsoft Internet Explorer stack Property Descriptor Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
DEBIAN-CVE-2015-4495
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...
Design/Logic Flaw
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...
CVE-2015-4495
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...
UBUNTU-CVE-2015-4495
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...