UBUNTU-CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a...

DEBIAN-CVE-2014-7825

kernel/trace/tracesyscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service out-of-bounds read and OOPS or bypass the ASLR protection mechanism via a crafted application...

PT-2014-8293 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.17.2 Description: The issue allows local users to cause a denial of service or bypass the ASLR protection mechanism via a crafted application. This is due to the kernel's failure to properly handle private...

DEBIAN-CVE-2014-5270

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed...

flash-plugin: multiple code execution or security bypass flaws (APSB14-21)

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not...

Google Chrome < 37.0.2062.120 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is a version prior to 37.0.2062.120. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists related to rendering that allows a remote attacker to execute arbitrary code. CVE-2014-3178 - Unspecified...

MS KB2987114: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

The remote host is missing KB2987114. It is, therefore, affected by the following vulnerabilities : - Unspecified memory corruption issues exist that allow arbitrary code execution. CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555 - An unspecified error...

Flash Player <= 14.0.0.179 Multiple Vulnerabilities (APSB14-21)

According to its version, the installation of Flash Player installed on the remote Windows host is equal or prior to 14.0.0.179. It is, therefore, affected by the following vulnerabilities : - Unspecified memory corruption issues exist that allow arbitrary code execution. CVE-2014-0547,...

Adobe AIR <= AIR 14.0.0.178 Multiple Vulnerabilities (APSB14-21)

According to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 14.0.0.178. It is, therefore, affected by the following vulnerabilities : - Unspecified memory corruption issues exist that allow arbitrary code execution. CVE-2014-0547, CVE-2014-0549,...

What does a pointer look like, anyway?

Posted by Chris Evans, Renderer of Modern Art In Adobe’s August 2014 Flash Player security update, we see: These updates resolve memory leakage vulnerabilities that could be used to bypass memory address randomization CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545. I...

SuSE 11.3 Security Update : flash-player (SAT Patch Number 9612)

This flash-player update fixes the following security issues : - These updates resolve memory leakage vulnerabilities that could have been used to bypass memory address randomization. CVE-2014-0540 / CVE-2014-0542 / CVE-2014-0543 / CVE-2014-0544 / CVE-2014-0545 - These updates resolve a security...

Updated flash-player-plugin packages fix security vulnerabilities

Adobe Flash Player 11.2.202.400 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...

UBUNTU-CVE-2014-5270

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed...

flash-plugin: multiple code execution or security bypass flaws (APSB14-18)

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly...

flash-plugin: multiple code execution or security bypass flaws (APSB14-18)

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly...

flash-plugin: multiple code execution or security bypass flaws (APSB14-18)

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly...

Flash Player <= 14.0.0.145 Multiple Vulnerabilities (APSB14-18)

According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 14.0.0.145. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists that allows code execution. CVE-2014-0538 - An unspecified security bypass err...

Adobe AIR <= AIR 14.0.0.110 Multiple Vulnerabilities (APSB14-18)

According to its version, the instance of Adobe AIR on the remote Windows host is equal or prior to 14.0.0.110. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exits that allows code execution. CVE-2014-0538 - An unspecified security bypass error exists...

Linux/x86-64 - Disable ASLR Security - 143 bytes

No description provided by source. / Title: Linux/x86-64 - Disable ASLR Security - 143 bytes Date: 2010-06-17 Tested: Archlinux x8664 k2.6.33 Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan ! Dtabase of shellcodes http://www.shell-storm.org/shellcode/...

PaX 2.6 Kernel Patch Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10264/info PaX for 2.6 series Linux kernels has been reported prone to a local denial of service vulnerability. The issue is reported to present itself when PaX Address Space Layout Randomization Layout ASLR is enabled. T...