772 matches found
CVE-2017-9239
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue to 0x0, and the value of pValue is 0x0. TiffImageEntry::doWriteImage will use the value of pValue to cause a segmentation fault. To exploit this vulnerability, someone must...
Design/Logic Flaw
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue to 0x0, and the value of pValue is 0x0. TiffImageEntry::doWriteImage will use the value of pValue to cause a segmentation fault. To exploit this vulnerability, someone must...
PYSEC-2017-112
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue to 0x0, and the value of pValue is 0x0. TiffImageEntry::doWriteImage will use the value of pValue to cause a segmentation fault. To exploit this vulnerability, someone must...
CVE-2017-9239
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue to 0x0, and the value of pValue is 0x0. TiffImageEntry::doWriteImage will use the value of pValue to cause a segmentation fault. To exploit this vulnerability, someone must...
CVE-2017-3026
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution...
Design/Logic Flaw
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution...
CHICKEN Denial of Service Vulnerability
CHICKEN is a compiler and interpreter based on the Scheme language , it can compile Scheme code into standard C code , and supports extensions . A security vulnerability exists in the string-translate procedure in the data structure unit in versions of CHICKEN prior to 4.10.0. A remote attacker...
SUSE-SU-2017:0464-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8962: Double free vulnerability in the sgcommonwrite function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges...
[SECURITY] Fedora 25 Update: redis-3.2.7-1.fc25
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
OsiriX DICOM Viewer 8.0.1 - Memory Corruption
OsiriX DICOM Viewer 8.0.1 - Memory Corruption !/usr/bin/env python -- coding: utf8 -- OsiriX DICOM Viewer 8.0.1 dulparse.cc Remote Memory Corruption Vulnerability Vendor: Pixmeo Sarl Product web page: http://www.osirix-viewer.com Affected version: OsiriX 8.0.1 Summary: With high performance and a...
Delta Industrial Automation WPLSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Denial of service attack on Lenovo System X M5, M6, and X6 systems - Lenovo Support US
No description provided...
Delta Industrial Automation PMSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation PMSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
UBUNTU-CVE-2016-9919
The icmp6send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service panic via a fragmented IPv6 packet...
The Microsoft DirectX graphics kernel subsystem elevation of privilege vulnerability MS16-062)
来源: 腾讯科恩实验室官方博客 作者: Daniel King @long123king 如何攻破微软的Edge浏览器 攻破微软的Edge浏览器至少需要包含两方面基本要素:浏览器层面的远程代码执行RCE: Remote Code Execution和浏览器沙箱绕过。 浏览器层面的远程代码执行通常通过利用Javascript脚本的漏洞完成,而浏览器的沙箱绕过则可以有多种方式,比如用户态的逻辑漏洞,以及通过内核漏洞达到本地提权EoP: Escalation of Privilege。...
CVE-2016-7912
Use-after-free vulnerability in the ffsusercopyworker function in drivers/usb/gadget/function/ffs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call...
DEBIAN-CVE-2015-8964
The ttysettermiosldisc function in drivers/tty/ttyldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure...
CVE-2015-8964
The ttysettermiosldisc function in drivers/tty/ttyldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure...
DEBIAN-CVE-2015-8963
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service use-after-free by leveraging incorrect handling of an swevent data structure during a CPU unplug operation...
CVE-2016-7912
Use-after-free vulnerability in the ffsusercopyworker function in drivers/usb/gadget/function/ffs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call...