Microsoft Edge Chakra CFG Bypass Due To Bug In ServerFreeAllocation Vulnerability

Charka suffers from a CFG bypass due to a bug in ServerFreeAllocation. Chakra: CFG bypass due to a bug in ServerFreeAllocation CVE-2017-11874 Chakra JIT server exposes a ServerFreeAllocation method that can be used to free an existing JIT allocation for example when the corresponding function get...

GNU Binutils Denial of Service Vulnerability (CNVD-2017-36672)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in GNU Binutils 2.29.1. The vulnerability arises because the dumprelocsinsection function in objdump.c in...

UBUNTU-CVE-2017-17122

The dumprelocsinsection function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service excessive memory allocation, or heap-based buffer overflow and application crash or possibly have unspecified other...

Axis Communications MPQT/PACS Heap Overflow / Information Leakage

STX Subject: Axis Communications MPQT/PACS Heap Overflow and Information Leakage. Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis August 2017 PoC: https://github.com/mcw0/PoC Release date: December 1, 2017 Full Disclosure: 90 days due to the large volume o...

PT-2017-4320 · Gnu +1 · Gnu Binutils +1

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29.1 Description: The issue is related to an integer overflow in the dump relocs in section function of the objdump.c component. This allows a remote attacker to cause a denial of service, potentially leading to excessi...

USN-3485-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...

GNU Binutils Denial of Service Vulnerability (CNVD-2017-34507)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in the aoutgetexternalsymbols function in aoutx.h in the Binary File Descriptor BFD library used in GNU...

GNU Binutils Denial of Service Vulnerability (CNVD-2017-34502)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in GNU Binutils 2.29.1. The vulnerability arises because the pebfdreadbuildid function in peicode.h in the...

GNU Binutils Denial of Service Vulnerability (CNVD-2017-34508)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code. A denial of service vulnerability exists in the coffslurplinetable function in coffcode.h in the Binary File Descriptor BFD library used in GNU...

GNU Binutils Denial of Service Vulnerability (CNVD-2017-34503)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in GNU Binutils 2.29.1. The vulnerability arises because coffgen.c in the Binary File Descriptor BFD libra...

UBUNTU-CVE-2017-16827

The aoutgetexternalsymbols function in aoutx.h in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service slurpsymtab invalid free and application crash or possibly have unspecified other impact via a crafted E...

UBUNTU-CVE-2017-16831

coffgen.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service integer overflow and application crash, or excessive memory allocation or possibly have unspecified...

UBUNTU-CVE-2017-16829

The bfdelfparsegnuproperties function in elf-properties.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibl...

UBUNTU-CVE-2017-16826

The coffslurplinetable function in coffcode.h in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service invalid memory access and application crash or possibly have unspecified other impact via a crafted PE fi...

DEBIAN-CVE-2017-16826

The coffslurplinetable function in coffcode.h in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service invalid memory access and application crash or possibly have unspecified other impact via a crafted PE fi...

UBUNTU-CVE-2017-16805

In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service invalid read and application crash via a crafted ELF file, related to rbindwarfparsecompunit in dwarf.c and sdbsetinternal in shlr/sdb/src/sdb.c...

CVE-2017-16757

Hola VPN 1.34 has weak permissions Everyone:F under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file...

Design/Logic Flaw

An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability...

GNU Binutils Binary File Descriptor Library Incompletely Fixes Remote Denial of Service Vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...

ASLRay - Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying

Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying. Properties: ASLR bypass Cross-platform Minimalistic Simplicity Unpatchable Dependencies: Linux 2.6.12+ - will work on any x86-64 Debian-based OS BASH - the whole script Limitations: Stack needs to be executable -z execstack Binary has...