772 matches found
The vulnerability of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Windows operating system is related to incorrect calculations of buffer lengths during LDAP requests. Exploiting this vulnerability allows a malicious actor to enhance their privileges by running specially created applications remotely...
CVE-2017-0166
An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP...
File Parsing Out-of-Bounds Access Vulnerability in Kingsoft WPS
WPS Office is an office software. A file parsing out-of-bounds access vulnerability exists in Kingsoft WPS. out-of-bounds access to memory exists in the docreader module, which can be exploited by an attacker to cause an information disclosure due to a failure to check the buffer length...
macOS / iOS Kernel 10.12.3 (16D32) - bpf Heap Overflow Exploit
Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1125 The bpf ioctl BIOCSBLEN allows userspace to set the bpf buffer length: case BIOCSBLEN: / uint / if d-bdbif != 0 error = EINVAL; else uint size; bcopyaddr, &size, sizeof siz...
Apple macOSiOS Kernel 10.12.3 (16D32) - bpf Heap Overflow
Apple macOSiOS Kernel 10.12.3 16D32 - bpf Heap Overflow / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1125 The bpf ioctl BIOCSBLEN allows userspace to set the bpf buffer length: case BIOCSBLEN: / uint / if d-bdbif != 0 error = EINVAL; else uint size; bcopyaddr, &size, sizeof...
MacOS/iOS kernel heap overflow in bpf (CVE-2017-2482)
The bpf ioctl BIOCSBLEN allows userspace to set the bpf buffer length: case BIOCSBLEN: / uint / if d-bdbif != 0 error = EINVAL; else uint size; bcopyaddr, &size, sizeof size; if size bpfmaxbufsize size = bpfmaxbufsize; else if size bdbufsize = size; break; d-bdbif is set to the currently attached...
CVE-2017-0102
Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 let attackers with access to targets systems gain privileges when Windows fails to properly validate...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would first need...
KLA10984 Privilege escalation vulnerabilities in Windows kernel
Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. An improper check of a buffer length prior to copying memory to the buffer can be exploited remotely ...
Null pointer dereference
The virtqueuemapdesc function in hw/virtio/virtio.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service NULL pointer dereference and QEMU process crash via a large I/O descriptor buffer length value...
CVE-2016-8909
The intelhdaxfer function in hw/audio/intel-hda.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption via an entry with the same value for buffer length and pointer position...
ALPINE-CVE-2016-8909
The intelhdaxfer function in hw/audio/intel-hda.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption via an entry with the same value for buffer length and pointer position...
CVE-2016-8909
The intelhdaxfer function in hw/audio/intel-hda.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption via an entry with the same value for buffer length and pointer position...
UBUNTU-CVE-2016-8909
The intelhdaxfer function in hw/audio/intel-hda.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption via an entry with the same value for buffer length and pointer position...
CVE-2016-8909
The intelhdaxfer function in hw/audio/intel-hda.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption via an entry with the same value for buffer length and pointer position...
CVE-2016-7422
The virtqueuemapdesc function in hw/virtio/virtio.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service NULL pointer dereference and QEMU process crash via a large I/O descriptor buffer length value...
(size_t)BIO_write(in, buf, len) == len
Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6308967940620288 Fuzzer: libFuzzer Job Type: libfuzzerasanopenssl Platform Id: linux Crash Type: ASSERT Crash Address: Crash State: sizetBIOwritein, buf, len == len fuzzer::Fuzzer::ExecuteCallback fuzzer::Fuzzer::RunOne...
CVE-2016-4439
The espregwrite function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller FSC support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service out-of-bounds write and QEMU process crash or potentially execute arbitrary code o...
DEBIAN-CVE-2016-4439
The espregwrite function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller FSC support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service out-of-bounds write and QEMU process crash or potentially execute arbitrary code o...
OpenSSH CVE-2 0 1 6-0 7 7 7 private key to steal technical analysis-vulnerability warning-the black bar safety net
Remembered used to write a lot of advertising procedures, estimation also not many people see. Then see“days eye APT the Team”and“3 6 0 security suit team”of people for black output only wrote the phrase“people do, day in see”, a bit of sentiment. Quickly put the sb type of ad deleted, cannot be...