CVE-2017-12434
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service assertion failure in DestroyImageInfo in image.c...
CVE-2016-10384
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl...
CVE-2016-10387
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario...
CVE-2015-9046
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list...
Design/Logic Flaw
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario...
CVE-2015-9039
Summary: CVE-2015-9039 affects the Qualcomm eMBMS component in Android CAF builds that use the Linux kernel. The root cause is an assertion that can be reached by a sequence of downlink messages in eMBMS, enabling a potential unauthorized operation. The vulnerability has a high/critical impact pr...
CVE-2016-10384
CVE-2016-10384 affects Qualcomm products with Android CAF builds that use the Linux kernel and involve the WLAN driver ioctl. The underlying issue is a potentially reachable assertion in the WLAN driver ioctl, as described in the CVE entry. The Android Security Bulletin (April 2018) notes securit...
CVE-2016-10387
CVE-2016-10387 concerns Qualcomm CAF Android devices using the Linux kernel, where an assertion could be reachable during a handover. The CVSS3/3.0 score is 9.8 (CRITICAL) with high impact to confidentiality, integrity, and availability, indicating severe risk if exploitable. The provided Connect...
Microsoft Edge - Out-of-Bounds Access when Fetching Source Exploit
Exploit for windows platform in category dos / poc // The attached JavaScript file causes an out-of-bounds access of the source buffer when fetching the source for one of the functions during delayed compilation. The out-of-bounds value is then treated as the pointer to the source. This is likely...
pspp -- multiple vulnerabilities
CVE Details reports: There is an Integer overflow in the hashint function of the libpspp library in GNU PSPP 0.10.5-pre2 (CVE-2017-10791). There is a NULL Pointer Dereference in the function llinsert of the libpspp library in GNU PSPP 0.10.5-pre2 (CVE-2017-10792). There is an illegal address access i...
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:2199-1)
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9439: A memory leak was found in the function ReadPDBImage in coders/pdb.c bsc1042826 - CVE-2017-9440: A memory leak was found in the function ReadPSDChannel in coders/psd.c bsc1042812 - CVE-2017-9501: An...
Amazon Linux AMI : graphite2 (ALAS-2017-872)
Vulnerabilities in the Graphite 2 library MFSA 2017-16 A heap-based buffer overflow flaw related to 'lz4::decompress' has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code. CVE-2017-7778 Heap-buffer-overflow write...
Microsoft Edge: Chakra: InterpreterStackFrame::ProcessLinkFailedAsmJsModule incorrectly re-parses(CVE-2017-8645)
When Chakra fails to link an asmjs module, it tries to re-parse the failed-to-link asmjs function to treat it as a normal javascript function. But it incorrectly handles the case where the function is a class. It starts to parse from the start of the class declaration instead of the constructor. ...
Microsoft Edge Chakra - InterpreterStackFrame::ProcessLinkFailedAsmJsModule Incorrectly Re-parses
GetOriginalEntryPoint : nullptr; if (this->pCurrentFunction && this->pCurrentFunction->IsFunctionParsed()) Assert(this->pCurrentFunction->StartInDocument() == pnode->ichMin); "pCurrentFunction" is the constructor,...
Microsoft Edge Chakra TryUndeleteProperty Incorrect Usage
Microsoft Edge: Chakra: Incorrect usage of TryUndeleteProperty CVE-2017-8635 Chakra implemented the reuse of deleted properties of an unordered dictionary object with the following code. bool SimpleDictionaryUnorderedTypeHandler::TryReuseDeletedPropertyIndex DynamicObject const object,...
[SECURITY] [DLA 1058-1] krb5 security update
From: Lucas Kanashiro [email protected] To: [email protected] Subject: SECURITY DLA 1058-1 krb5 security update Package : krb5 Version : 1.10.1+dfsg-5+deb7u8 CVE ID : CVE-2017-11368 Debian Bug : 869260 In MIT Kerberos 5 aka krb5 1.7 and later, an authenticated attacker can...
Updated krb5 packages fix security vulnerability
A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request (CVE-2017-11368)...
MIT Kerberos 5 S4U2Self or S4U2Proxy Request Denial of Service Vulnerability
MIT Kerberos 5 is a set of network authentication protocols built on a client/server structure, in which the client and the server can authenticate each other, preventing eavesdropping, replay attacks and so on. MIT Kerberos 5 has a security vulnerability in handling invalid S4U2Se...