Integer overflow

Integer signedness error in the vt console driver formerly Newcons in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service crash and possibly gain privileges via a negative value in a VTWAITACTIVE ioctl call, which triggers an array index error and out-of-boun...

CVE-2014-0998

Integer signedness error in the vt console driver formerly Newcons in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service crash and possibly gain privileges via a negative value in a VTWAITACTIVE ioctl call, which triggers an array index error and out-of-boun...

CVE-2014-8612

Multiple array index errors in the Stream Control Transmission Protocol SCTP module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to 1 gain privileges via the stream id to the setsockopt function, when setting the SCTIPSSVALUE option, or 2 read...

CVE-2014-0998

The CVE-2014-0998 entry concerns FreeBSD where the vt console driver (vt, formerly Newcons) contains a sign-conversion/array-bounds bug in VT_WAITACTIVE that a local unprivileged user can exploit to crash the kernel or gain privileges. The vulnerability stems from reading an input value as unsign...

CVE-2014-8612

Removed by vendor...

CVE-2014-0998

Removed by vendor...

FreeBSD Security Advisory FreeBSD-SA-15:02.kmem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:02.kmem Security Advisory The FreeBSD Project Topic: SCTP SCTPSSVALUE kernel memory corruption and disclosure Category: core Module: sctp Announced: 2015-01-...

CVE-2014-8823

The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument...

Design/Logic Flaw

IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service write to kernel memory via a crafted app that calls an unspecified user-client method...

Code injection

The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service arbitrary-size bzero of kernel memory via a crafted app...

Memory corruption

The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument...

CVE-2014-8836

The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service arbitrary-size bzero of kernel memory via a crafted app...

CVE-2014-8822

IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service write to kernel memory via a crafted app that calls an unspecified user-client method...

CVE-2014-8823

The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument...

CVE-2014-8822

CVE-2014-8822 affects Apple OS X IOHIDFamily prior to 10.10.2. A crafted app calling an unspecified IOHID user-client method can cause a kernel-context code execution or a denial of service (kernel memory write). Root cause involves a bounds/validation issue in the IOHIDFamily user-client handlin...

Apple MAC OS X Yosemite IOUSB Controller User Client Function Memory Access Vulnerability

Apple MAC OS X Yosemite is the latest operating system developed by Apple. A memory access vulnerability exists in Apple MAC OS X Yosemite's handling of the IOUSB controller user client function, which allows a privileged application to read arbitrary data from kernel memory...

Apple MAC OS X Yosemite IOBluetoothFamily Integer Overflow Vulnerability

Apple MAC OS X Yosemite is the latest operating system developed by Apple. Apple MAC OS X Yosemite suffers from an integer overflow vulnerability in the handling of IOBluetoothFamily, which allows local attackers to exploit the vulnerability to manipulate kernel memory and execute arbitrary code...

Apple MAC OS X Yosemite Arbitrary Code Execution Vulnerability

Apple MAC OS X Yosemite is the latest operating system developed by Apple. Apple MAC OS X Yosemite handles an arbitrary code execution vulnerability in the Bluetooth driver, which allows an attacker to control the writable size of kernel memory using a malicious application...

FreeBSD-SA-15:02.kmem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:02.kmem Security Advisory The FreeBSD Project Topic: SCTP SCTPSSVALUE kernel memory corruption and disclosure Category: core Module: sctp Announced:...

FreeBSD -- SCTP SCTP_SS_VALUE kernel memory corruption and disclosure

Problem Description: Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory. Impact: An unprivileged process can read or modify 16-bits of memory which belongs to the kernel. This may lead to...