7640 matches found
Apple Mac OSX - gst_configure Kernel Buffer Overflow
Apple Mac OSX - gst_configure Kernel Buffer Overflow / Source: https://code.google.com/p/google-security-research/issues/detail?id=596 The external method 0x206 of IGAccelGLContext is gst_configure. This method takes an arbitrary sized input structure passed in rsi but doesn't check the size of tha...
Apple Mac OSX - IOBluetoothHCIUserClient Arbitrary Kernel Code Execution
Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=569 IOBluetoothHCIUserClient uses an IOCommandGate to dispatch external methods; it passes a pointer to the structInput of the external method as arg0 and...
Apple Mac OSX - IOBluetoothHCIUserClient Arbitrary Kernel Code Execution
Apple Mac OSX - IOBluetoothHCIUserClient Arbitrary Kernel Code Execution / Source: https://code.google.com/p/google-security-research/issues/detail?id=569 IOBluetoothHCIUserClient uses an IOCommandGate to dispatch external methods; it passes a pointer to the structInput of the external method as...
Apple Mac OSX - 'gst_configure' Kernel Buffer Overflow
Source: https://code.google.com/p/google-security-research/issues/detail?id=596 The external method 0x206 of IGAccelGLContext is gst_configure. This method takes an arbitrary sized input structure passed in rsi but doesn't check the size of that structure passed in rcx. text:000000000002A366...
Apple Mac OSX - 'IOBluetoothHCIUserClient' Arbitrary Kernel Code Execution
Source: https://code.google.com/p/google-security-research/issues/detail?id=569 IOBluetoothHCIUserClient uses an IOCommandGate to dispatch external methods; it passes a pointer to the structInput of the external method as arg0 and ::SimpleDispatchWL as the Action. It neither passes nor checks t...
Advantech WebAccess Multiple Buffer Overflow Vulnerabilities (Jan 2016)
Advantech WebAccess is prone to multiple stack-based buffer overflow vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
FreeBSD : claws-mail -- no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc (51358314-bec8-11e5-82cd-bcaec524bf84)
DrWhax reports: So in codeconv.c there is a function for Japanese character set conversion called conv_jistoeuc. There is no bounds checking on the output buffer, which is created on the stack with alloca. Bug can be triggered by sending an email to [email protected] or whatever. Since my C is...
Debian DLA-393-1 : srtp security update
Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length. Credit goes to Randell Jesup and the Firefox team for reporting this issue. As there is no aead mode available in the Squeeze version, only srtp_unprotect needed to be patched. NOTE:...
DLA-393-1 srtp - security update
Bulletin has no description...
Updated claws-mail packages fix security vulnerability
No bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc. A Tails contributor found a vulnerability in claws-mail where in codeconv.c a function for Japanese character set conversion called conv_jistoeuc has no bounds checking on the output buffer which is created on the...
MGASA-2016-0008 Updated claws-mail packages fix security vulnerability
No bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc. A Tails contributor found a vulnerability in claws-mail where in codeconv.c a function for Japanese character set conversion called conv_jistoeuc has no bounds checking on the output buffer which is created on the...
Microsoft Edge Memory Corruption (MS16-002: CVE-2016-0003)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to improper type checking of a variable. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to...
IBM Domino Image File Parsing Buffer Overflow (CVE-2015-5040)
A buffer overflow vulnerability has been reported in IBM Domino. The vulnerability is due to improper bounds checking when parsing image files, potentially leading to an undersized buffer being allocated. A remote, unauthenticated attacker can exploit this vulnerability by sending an email containin...
claws-mail: buffer overflow
A remotely triggerable buffer overflow has been found in the code of claws-mail handling character conversion, in functions conv_jistoeuc, conv_euctojis and conv_sjistoeuc, in codeconv.c. There was no bounds checking on buffers passed to these functions, some stack-based but other potentially...
Apple iOS Mobile Replayer Arbitrary Code Execution Vulnerability
Apple iOS is an operating system developed by Apple for use in cell phones and other devices. A path-checking vulnerability exists in the Apple iOS Mobile Replayer handling, which could be exploited by an attacker to execute arbitrary code with system privileges...
Apple iOS Mobile Replayer Arbitrary Code Execution Vulnerability (CNVD-2015-08187)
Apple iOS is an operating system developed by Apple for use in cell phones and other devices. A path-checking vulnerability exists in the Apple iOS Mobile Replayer handling, which could be exploited by an attacker to execute arbitrary code with system privileges...
Labtam ProFTP Client Banner Buffer Overflow (CVE-2009-3976)
Labtam ProFTP is vulnerable to a buffer overflow, caused by improper bounds checking. A remote attacker could exploit this vulnerability via an overly long welcome message to overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the service to crash...
SUSE-SU-2015:2110-1 Security update for LibVNCServer
The libvncserver package was updated to fix the following security issues: - bsc897031: fix several security issues: CVE-2014-6051: Integer overflow in MallocFrameBuffer on client side. CVE-2014-6052: Lack of malloc return value checking on client side. CVE-2014-6053: Server crash on a very large...
SUSE SLED12 / SLES12 Security Update : LibVNCServer (SUSE-SU-2015:2088-1)
The LibVNCServer package was updated to fix the following security issues : - bsc897031: fix several security issues : - CVE-2014-6051: Integer overflow in MallocFrameBuffer on client side. - CVE-2014-6052: Lack of malloc return value checking on client side. - CVE-2014-6053: Server crash on a ve...
DEBIAN-CVE-2015-8219
The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JP...