Microsoft windows kernel mode driver null pointer reference vulnerability

Microsoft Windows is a popular operating system. A null pointer reference vulnerability exists in the Microsoft Windows kernel mode driver that can disclose the contents of kernel memory. The vulnerability allows attackers to obtain sensitive information and bypass ASLR protection...

Design/Logic Flaw

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain...

Null pointer dereference

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service NULL pointer dereference and blue...

Information disclosure

Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possib...

Information disclosure

Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possib...

CVE-2015-0087

Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possib...

CVE-2015-0087

CVE-2015-0087 is a memory-disclosure vulnerability in the Adobe Font Driver stack (notably ATMFD.DLL) and related font engines. Exploitation would leak uninitialized memory from the host process or kernel, potentially aiding KASLR bypass and information disclosure. Google Project Zero detailed a ...

CVE-2015-0077

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain...

Microsoft Windows Kernel Mode Driver CVE-2015-0077 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information such as kernel memory contents. This may aid in launching further attacks. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1...

Ubuntu 10.04 LTS : linux vulnerabilities (USN-2511-1)

A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service memory corruption or panic or possibly have unspecified impact via the keyctl commands. CVE-2014-9529 A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge...

UBUNTU-CVE-2015-2042

net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry...

CVE-2015-2042

net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry...

CVE-2015-2041

net/llc/sysctlnetllc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry...

Updated kernel-rt packages fix security vulnerabilities

This kernel-rt update provides as upgrade to upstream 3.14 longterm branch, currently based on 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types,...

[SECURITY] [DLA 155-1] linux-2.6 security update

Package : linux-2.6 Version : 2.6.32-48squeeze11 CVE ID : CVE-2013-6885 CVE-2014-7822 CVE-2014-8133 CVE-2014-8134 CVE-2014-8160 CVE-2014-9420 CVE-2014-9584 CVE-2014-9585 CVE-2015-1421 CVE-2015-1593 This update fixes the CVEs described below. A further issue, CVE-2014-9419, was considered, but...

Microsoft Windows Kernel 'Win32k.sys' CVE-2015-0057 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges and gain access to kernel memory. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 f...

Microsoft Windows Kernel 'Win32k.sys' CVE-2015-0058 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges and gain access to kernel memory. Technologies Affected Microsoft Windows 8 for 32-bit Systems Microsoft Windows 8 for...

CVE-2014-8612

Multiple array index errors in the Stream Control Transmission Protocol SCTP module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to 1 gain privileges via the stream id to the setsockopt function, when setting the SCTIPSSVALUE option, or 2 read...

CVE-2014-0998

Integer signedness error in the vt console driver formerly Newcons in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service crash and possibly gain privileges via a negative value in a VTWAITACTIVE ioctl call, which triggers an array index error and out-of-boun...

CVE-2014-8612

Multiple array index errors in the Stream Control Transmission Protocol SCTP module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to 1 gain privileges via the stream id to the setsockopt function, when setting the SCTIPSSVALUE option, or 2 read...