7640 matches found
MacOS kernel code execution due to lack of bounds checking in AppleIntelCapriController::GetLinkConfig (CVE-2017-2443)
Selector 0x921 of IntelFBClientControl ends up in AppleIntelCapriController::GetLinkConfig This method takes a structure input and output buffer. It reads an attacker controlled dword from the input buffer which it uses to index an array of pointers with no bounds checking: This pointer is passed...
MacOS/iOS kernel memory corruption due to bad bounds checking in necp_client_copy_interface(CVE-2017-2473)
necpclientcopyinterface contains this code where interfaceindex is an attacker controlled a uint32t that: if interfaceindex != IFSCOPENONE && intinterfaceindex = ifindex interface = ifindex2ifnetinterfaceindex; This leads to an interface pointer being read out of bounds. This can lead to kernel...
Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1108 SIOCSIFORDER is a new ioctl added in iOS 10. It can be called on a regular tcp socket, so from pretty much any sandbox. it falls through to calling: ifnetresetorderorderedindices, ifo-ifocount where orderedindicies points to...
Apple macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1071 Selector 0x921 of IntelFBClientControl ends up in AppleIntelCapriController::GetLinkConfig This method takes a structure input and output buffer. It reads an attacker controlled dword from the input buffer which it uses to...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.17.4 - Revert 'fix minor infoleak in getuserex' Brian Maly Orabug: 25790392 CVE-2016-9644 3.8.13-118.17.3 - net: ping: check minimum size on ICMP header length Kees Cook Orabug: 25766911 CVE-2016-8399 3.8.13-118.17.2 - ipv6: stop sending PTB packets for MTU 1280 Hagen Paul...
About the security content of macOS Server 5.3 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
CVE-2017-5238
Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field...
Out-of-bounds
Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field...
CVE-2017-5238
Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field...
CVE-2017-5238
The CVE-2017-5238 entry concerns the Eview EV-07S GPS Tracker, where a buffer/overflow happens due to insufficient boundary checks in several input configuration fields. The CNVD entry confirms the root cause as a lack of bounds checking that allows overflowing data from one variable into another...
Virtuozzo 7 : vmauth (VZA-2017-018)
According to the version of the vmauth package installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - Incorrect checking of locked VM accounts in Virtuozzo SDK allowed one to use any password to log in to a VM with such a locked account via a...
asterisk -- Buffer overflow in CDR's set user
The Asterisk project reports: No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection...
Cisco IOx Data in Motion Stack Overflow Vulnerability
A vulnerability in the Data-in-Motion DMo process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device...
CVE-2017-5618
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions...
CVE-2017-5618
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions...
CVE-2017-5618
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions...
CVE-2017-5618
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions...
CVE-2017-5618
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions...
VariCAD DWB File Stack Buffer Overflow
A stack buffer overflow vulnerability exists in VariCAD 2010. The vulnerability is due to insufficient bounds checking on a DWB file. A successful exploitation could lead to arbitrary code execution in the security context of the target user...
Updated flac packages fix security vulnerability
FLAC 1.3.2 fixes a NULL pointer dereference bug and adds bounds checking in the encoder. It also fixes various non security-relevant issues...