USN-2587-1: Linux kernel (Trusty HWE) vulnerabilities

A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service kernel crash or to potentially execute code with kernel privileges. CVE-2015-2666 It was discovered that the Linux kernel's IPv6 networking...

Apple Mac OSX - Local Denial of Service

Apple Mac OSX - Local Denial of Service / 2015, Maxime Villard, CVE-2015-1100 Local DoS caused by a missing limit check in the fat loader of the Mac OS X Kernel. $ gcc -o Mac-OS-XFat-DoS Mac-OS-XFat-DoS.c $ ./Mac-OS-XFat-DoS BINARY-NAME Obtained from: http://m00nbsd.net/garbage/Mac-OS-XFat-DoS.c...

Apple Mac OSX - Local Denial of Service

/ 2015, Maxime Villard, CVE-2015-1100 Local DoS caused by a missing limit check in the fat loader of the Mac OS X Kernel. $ gcc -o Mac-OS-XFat-DoS Mac-OS-XFat-DoS.c $ ./Mac-OS-XFat-DoS BINARY-NAME Obtained from: http://m00nbsd.net/garbage/Mac-OS-XFat-DoS.c Analysis:...

Mozilla: resource: // documents can load privileged pages (MFSA 2015-33)

A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox...

freetype: integer overflow in tt_face_load_font_dir() leading to out-of-bounds read

sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service integer overflow and out-of-bounds read or possibly have unspecified other impact via a crafted SFNT table...

tboot: argument measurement vulnerability for GRUB2+ELF kernels

Trusted Boot tboot before 1.8.2 has a 'loader.c' Security Bypass Vulnerability...

Fedora 20 : php-5.5.22-1.fc20 (2015-2328)

19 Feb 2015, PHP 5.5.22 Core : - Fixed bug 67068 getClosure returns somethings that's not a closure. Danack at basereality dot com - Fixed bug 68925 Mitigation for CVE-2015-0235 ' GHOST: glibc gethostbyname buffer overflow. Stas - Fixed bug 68942 Use after free vulnerability in unserialize with...

OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)

An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)

An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

Internet Bug Bounty: Bad Write in TTF font parsing (win32k.sys)

This bug was originally reported through Project Zero at Google. Alex Rice suggested to me that I could potentially receive a bounty through Hacker One so I am also opening a report here. The vulnerability reference numbers are MS15-010 CVE-2015-0059 The original bug report is...

DEBIAN-CVE-2014-9658

The ttfaceloadkern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted TrueType font...

OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)

An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)

An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)

An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)

An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)

An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)

An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)

An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)

An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)

An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...