kernel: ASLR bruteforce possible for vdso library
An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space...
Microsoft Windows CDD Font Parsing Kernel Memory Corruption
Talos Vulnerability Report TALOS-2015-0007: Microsoft Windows CDD Font Parsing Kernel Memory Corruption. September 15, 2015. CVE Number: CVE-2015-2506. Description: An exploitable kernel memory corruption vulnerability exists in Microsoft Windows. A specially crafted font file can cause the Microsoft...
MGASA-2015-0337 Updated openafs package fixes security vulnerabilities
Updated openafs packages fix security vulnerabilities: Memory allocated by vos for VLDB entry structures was not cleared prior to use, meaning stack data could be sent over the network, possibly in the clear if crypt mode was not in use (CVE-2015-3282). The default use by bos of clear rather than...
Updated openafs package fixes security vulnerabilities
Updated openafs packages fix security vulnerabilities: Memory allocated by vos for VLDB entry structures was not cleared prior to use, meaning stack data could be sent over the network, possibly in the clear if crypt mode was not in use (CVE-2015-3282). The default use by bos of clear rather than...
Fortinet FortiClient Driver File Disclosure Vulnerability
Fortinet FortiClient is a Fortinet endpoint security solution that provides end users with anti-virus, encryption and other services. A driver file disclosure vulnerability exists in Fortinet FortiClient versions prior to 5.2.4, which allows local users to read arbitrary kernel memory via a...
CVE-2015-4077
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call...
Design/Logic Flaw
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call...
CVE-2015-4077
Fortinet FortiClient 5.2.x affected drivers mdare64_48.sys, mdare32_48.sys, mdare32_52.sys, and mdare64_52.sys. CVE-2015-4077 describes a local privilege escalation: IOCTL 0x22608C allows reading arbitrary kernel memory, enabling local users to read kernel contents. Fortinet fixed the issue in Fo...
UBUNTU-CVE-2015-5697
The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call...
Windows ATMFD.DLL Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table Exploit
Exploit for Windows platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=386&can=1 We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as: ---...
Windows ATMFD.DLL Out-of-Bounds Read Due to Malformed FDSelect Offset in the CFF Table Exploit
Exploit for Windows platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=392&can=1 We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as: ---...
Microsoft Windows - 'ATMFD.DLL' Out-of-Bounds Read Due to Malformed Name INDEX in the CFF Table
Source: https://code.google.com/p/google-security-research/issues/detail?id=386&can=1 We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as: --- DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5) Memory was referenced after it...
Apple OS X Bluetooth Kernel Memory Layout Disclosure Vulnerability
Apple OS X is a BSD-based operating system distributed by Apple. A security vulnerability in the Apple OS X Bluetooth module allows attackers to exploit the vulnerability to obtain kernel memory information...
CVE-2015-5768
AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app...
Memory corruption
AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app...
CVE-2015-3780
The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app...
Memory corruption
The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app...
Linux kernel 'path_openat()' function memory misreference vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel, which can be exploited by an attacker to execute arbitrary code in an application, or to corrupt kernel memory,...
OpenAFS Information Disclosure Vulnerability (CNVD-2015-05291)
OpenAFS is an open source distributed file system that allows sharing of files and resources between systems over local and wide area networks. A security vulnerability exists in OpenAFS 1.6.12 and earlier versions of pioctls. A local attacker can exploit the vulnerability to read kernel memory...