767 matches found
Apple macOSiOS Kernel 10.12.3 (16D32) - bpf Heap Overflow
Apple macOSiOS Kernel 10.12.3 16D32 - bpf Heap Overflow / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1125 The bpf ioctl BIOCSBLEN allows userspace to set the bpf buffer length: case BIOCSBLEN: / uint / if d-bdbif != 0 error = EINVAL; else uint size; bcopyaddr, &size, sizeof...
CVE-2017-0102
Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 let attackers with access to targets systems gain privileges when Windows fails to properly validate...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would first need...
KLA10984 Privilege escalation vulnerabilities in Windows kernel
Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. An improper check of a buffer length prior to copying memory to the buffer can be exploited remotely ...
Null pointer dereference
The virtqueuemapdesc function in hw/virtio/virtio.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service NULL pointer dereference and QEMU process crash via a large I/O descriptor buffer length value...
ALPINE-CVE-2016-8909
The intelhdaxfer function in hw/audio/intel-hda.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption via an entry with the same value for buffer length and pointer position...
CVE-2016-8909
The intelhdaxfer function in hw/audio/intel-hda.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption via an entry with the same value for buffer length and pointer position...
CVE-2016-8909
The intelhdaxfer function in hw/audio/intel-hda.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption via an entry with the same value for buffer length and pointer position...
CVE-2016-8909
The intelhdaxfer function in hw/audio/intel-hda.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption via an entry with the same value for buffer length and pointer position...
UBUNTU-CVE-2016-8909
The intelhdaxfer function in hw/audio/intel-hda.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption via an entry with the same value for buffer length and pointer position...
CVE-2016-7422
The virtqueuemapdesc function in hw/virtio/virtio.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service NULL pointer dereference and QEMU process crash via a large I/O descriptor buffer length value...
(size_t)BIO_write(in, buf, len) == len
Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6308967940620288 Fuzzer: libFuzzer Job Type: libfuzzerasanopenssl Platform Id: linux Crash Type: ASSERT Crash Address: Crash State: sizetBIOwritein, buf, len == len fuzzer::Fuzzer::ExecuteCallback fuzzer::Fuzzer::RunOne...
CVE-2016-4439
The espregwrite function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller FSC support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service out-of-bounds write and QEMU process crash or potentially execute arbitrary code o...
DEBIAN-CVE-2016-4439
The espregwrite function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller FSC support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service out-of-bounds write and QEMU process crash or potentially execute arbitrary code o...
OpenSSH CVE-2 0 1 6-0 7 7 7 private key to steal technical analysis-vulnerability warning-the black bar safety net
Remembered used to write a lot of advertising procedures, estimation also not many people see. Then see“days eye APT the Team”and“3 6 0 security suit team”of people for black output only wrote the phrase“people do, day in see”, a bit of sentiment. Quickly put the sb type of ad deleted, cannot be...
Integer overflow
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation...
UBUNTU-CVE-2015-7219
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation...
QEMU pcnet_receive 堆缓冲区溢出漏洞(CVE-2015-7504)
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html pcnet是虚拟化软件QEMU中实现AMD PCNET网卡功能模拟的组件,相关的代码实现位于/hw/net/pcnet.c中。 在qemu软件中使用pcnet网卡,需要如下的命令行进行配置: qemu-system-x8664 centos-6.5-x64.img -m 1024 - net nic,model=pcnet -net user...
Solaris 2.6/7.0/8 netpr Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1200/info A buffer overrun exists in the 'netpr' program, part of the SUNWpcu LP package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both Sparc and x86 have been confirmed as...
[ MDVSA-2014:079 ] json-c
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:079 http://www.mandriva.com/en/support/security/ Package : json-c Date : April 17, 2014 Affected: Business Server 1.0 Problem Description: Updated json-c packages fix security vulnerabilities: Florian Weimer...