Apple MAC OS X Yosemite IOUSB Controller User Client Function Memory Access Vulnerability
Apple MAC OS X Yosemite is the latest operating system developed by Apple. A memory access vulnerability exists in Apple MAC OS X Yosemite's handling of the IOUSB controller user client function, which allows a privileged application to read arbitrary data from kernel memory...
Apple MAC OS X Yosemite IOBluetoothFamily Integer Overflow Vulnerability
Apple MAC OS X Yosemite is the latest operating system developed by Apple. Apple MAC OS X Yosemite suffers from an integer overflow vulnerability in the handling of IOBluetoothFamily, which allows local attackers to exploit the vulnerability to manipulate kernel memory and execute arbitrary code...
Apple MAC OS X Yosemite Arbitrary Code Execution Vulnerability
Apple MAC OS X Yosemite is the latest operating system developed by Apple. An arbitrary code execution vulnerability exists in the Bluetooth driver of Apple MAC OS X Yosemite, which allows an attacker to control the writable size of kernel memory using a malicious application...
FreeBSD-SA-15:02.kmem
FreeBSD-SA-15:02.kmem Security Advisory, The FreeBSD Project. Topic: SCTP SCTP_SS_VALUE kernel memory corruption and disclosure. Category: core. Module: sctp. Announced:...
FreeBSD -- SCTP SCTP_SS_VALUE kernel memory corruption and disclosure
Problem Description: Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory. Impact: An unprivileged process can read or modify 16-bits of memory which belongs to the kernel. This may lead to...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
CVE-2014-4322poc poc code works on Nexus Android 4.4/5.0 Gai...
CVE-2014-9584
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image...
Linux Kernel isofs Information Disclosure Vulnerability
The Linux kernel is an open source operating system. An information disclosure vulnerability exists in Linux kernels built with iso9660 file system support (CONFIG_ISO9660_FS), which can be triggered by accessing data on iso9660 images containing RockRidge extension reference records, allowing an...
Kernel: drivers: media: an information leakage
An information leak flaw was found in the way the Linux kernel handled media device enumerate entities IOCTL requests. A local user able to access the /dev/media0 device file could use this flaw to leak kernel memory bytes...
Kernel: USB serial: memory corruption flaw
A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the...
Kernel: target/rd: information leakage
An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client...
CVE-2014-7252
Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local user...
Input validation
Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local user...
CVE-2014-7252
The CVE-2014-7252 entry relates to multiple improper data validation vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processors. The Syslink driver, used in devices such as NTT DOCOMO ARROWS and SoftBank SHARP handsets, allows local users to execute arbitrary code or read ...
Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors
Overview: The Syslink driver for OMAP mobile processors contained in Android devices contains multiple improper data validation vulnerabilities. The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP...
Apple Mac OSX - IOKit Keyboard Driver Privilege Escalation (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'Mac OS X IOKit Keyboard Driver Root Privilege Escalation', 'Description' = %q A heap overflow in...
JVN#67792023: Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors
The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP mobile processors is used to implement the communication of processes between the host and slave processors. The Syslink driver contains multipl...
Mac OS X IOKit Keyboard Driver Root Privilege Escalation Exploit
A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue has be...
OracleVM 2.2 : kernel (OVMSA-2009-0033)
The remote OracleVM system is missing necessary patches to address critical security updates: - security require root for mmap_min_addr Eric Paris 518142 518143 CVE-2009-2695 - md prevent crash when accessing suspend sysfs attr Danny Feng 518135 518136 CVE-2009-2849 - nfs knfsd: fix NFSv4 O_EXCL...
CVE-2014-8476
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer...