11191 matches found

GoogleProjectZero
added 2015/03/09 12:0 a.m. · 68 views

Exploiting the DRAM rowhammer bug to gain kernel privileges

Rowhammer blog post draft Posted by Mark Seaborn, sandbox builder and breaker, with contributions by Thomas Dullien, reverse engineer This guest post continues Project Zero’s practice of promoting excellence in security research on the Project Zero blog Overview “Rowhammer” is a problem with some...

CVSS 10 · AI score 9.3 · EPSS 0.1874
Exploits 1

Hacker One
added 2015/03/08 1:5 a.m. · 61 views

Phabricator: Server Side Request Forgery in macro creation

mongoose just getting it out of the way ; Hi, I would like to report a Server Side Request Forgery SSRF 1 in the meme creation section of the phabricator software 2. SSRF is a vulnerability allowing requests to be made from the context of the server. This could allow an attacker to gain access to...

AI score 6.8
Exploits 0

CNVD
added 2015/03/06 12:0 a.m. · 1 views

Memory Corruption Vulnerability in Ashampoo Photo Commander's Handling of ICO Images

Ashampoo Photo Commander Free is a photo management software from Germany. Ashampoo Photo Commander handles ICO images with logical errors that allow attackers to exploit vulnerabilities to parse malformed programs and cause the application to crash...

AI score 6.9
Exploits 0

Tenable Nessus
added 2015/03/05 12:0 a.m. · 31 views

Debian DSA-3179-1 : icedove - security update

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVSS 7.5 · AI score 7.7 · EPSS 0.03173
Exploits 0 · References 6

Debian
added 2015/03/03 9:37 p.m. · 26 views

[SECURITY] [DSA 3179-1] icedove security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3179-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 03, 2015 http://www.debian.org/security/faq -...

CVSS 7.5 · AI score 6.8 · EPSS 0.03173
Exploits 0

OpenVAS
added 2015/03/03 12:0 a.m. · 33 views

Debian Security Advisory DSA 3179-1 (icedove - security update)

Multiple security issues have been found in Icedove, Debian OpenVAS Vulnerability Test $Id: deb3179.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3179-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks GmbH...

CVSS 7.5 · AI score 0.4 · EPSS 0.03173
Exploits 0 · References 1

OpenVAS
added 2015/03/02 12:0 a.m. · 36 views

Debian: Security Advisory (DSA-3179-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 9.7 · EPSS 0.03173
Exploits 0 · References 3

OSV
added 2015/02/26 3:57 p.m. · 1 views

USN-2519-1 eglibc, glibc vulnerabilities

Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS...

CVSS 7.8 · AI score 7.1 · EPSS 0.087
Exploits 5 · References 5

Tenable Nessus
added 2015/02/26 12:0 a.m. · 33 views

SuSE 11.3 Security Update : unzip (SAT Patch Number 10344)

This update fixes the following security issues : - input sanitization errors. bnc909214. CVE-2014-8139 - out-of-bounds read/write in testcompreb bnc914442. CVE-2014-9636 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...

CVSS 7.8 · AI score 6.2 · EPSS 0.58381
Exploits 0 · References 6

Tenable Nessus
added 2015/02/26 12:0 a.m. · 30 views

Debian DSA-3174-1 : iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

CVSS 7.5 · AI score 7.7 · EPSS 0.03173
Exploits 0 · References 6

Debian
added 2015/02/25 6:52 p.m. · 38 views

[SECURITY] [DSA 3174-1] iceweasel security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3174-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 25, 2015 http://www.debian.org/security/faq -...

CVSS 7.5 · AI score 7.5 · EPSS 0.03173
Exploits 0

OpenVAS
added 2015/02/25 12:0 a.m. · 30 views

Debian Security Advisory DSA 3174-1 (iceweasel - security update)

Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3174.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3174-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks Gm...

CVSS 7.5 · AI score 0.5 · EPSS 0.03173
Exploits 0 · References 1

OSV
added 2015/02/25 12:0 a.m. · 35 views

DSA-3174-1 iceweasel - security update

Bulletin has no description...

CVSS 7.5 · AI score 9.5 · EPSS 0.03173
Exploits 0

OpenVAS
added 2015/02/24 12:0 a.m. · 28 views

Debian: Security Advisory (DSA-3174-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 9.7 · EPSS 0.03173
Exploits 0 · References 3

Tenable Nessus
added 2015/02/24 12:0 a.m. · 62 views

Fedora 21 : php-5.6.6-1.fc21 (2015-2315)

19 Feb 2015, PHP 5.6.6 Core : - Removed support for multi-line headers, as the are deprecated by RFC 7230. Stas - Fixed bug 67068 getClosure returns somethings that's not a closure. Danack at basereality dot com - Fixed bug 68942 Use after free vulnerability in unserialize with DateTimeZone...

CVSS 10 · AI score 7.7 · EPSS 0.8487
Exploits 38 · References 1

securityvulns
added 2015/02/16 12:0 a.m. · 42 views

dbus DoS

Incorrect errors handling...

CVSS 1.9 · AI score 2.2 · EPSS 0.00092
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2015/02/10 12:0 a.m. · 2 views

PT-2015-3447 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the subsequent get user pages fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher recvmsg of crypto/algif skcipher.c function...

CVSS 6.2 · AI score 4.9 · EPSS 0.00009
Exploits 0 · References 16

OpenVAS
added 2015/02/10 12:0 a.m. · 28 views

Adobe Flash Player Multiple Vulnerabilities-01 (Feb 2015) - Linux

Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer";...

CVSS 10 · AI score 9.3 · EPSS 0.92544
Exploits 13 · References 5

OpenVAS
added 2015/02/10 12:0 a.m. · 33 views

Adobe Flash Player Unspecified Vulnerability - 01 (Feb 2015) - Mac OS X

Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer";...

CVSS 10 · AI score 9.3 · EPSS 0.92544
Exploits 13 · References 5

OpenVAS
added 2015/02/09 12:0 a.m. · 39 views

Apple Safari 'Webkit' Multiple Vulnerabilities -01 (Feb 2015) - Mac OS X

Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...

CVSS 6.8 · AI score 5.1 · EPSS 0.00913
Exploits 0 · References 5