5121 matches found
Information disclosure
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dmammap call...
UBUNTU-CVE-2015-8950
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dmammap call...
CVE-2015-8950
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dmammap call...
CVE-2015-8950
CVE-2015-8950 affects the Linux kernel (arch/arm64/mm/dma-mapping.c) prior to 4.0.3, where uninitialized data structures in the ION memory-management path can be exposed via dma_mmap. This local-access vulnerability could allow a non-privileged user to read kernel memory. The public references in...
CVE-2015-8950
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dmammap call...
CVE-2016-6808
It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow...
Enter: [CRITICAL]-Taking over entire subdomain of romit.io
Hi, During recon, I found out that blog.romit.io was not mapped with wordpress.com and the domain was returning back error like this domain has not been mapped with wordpress.com, to map it please login into wordpres.com. So, I quickly created an account on wordpress.com and mapped blog.romit.io ...
Linux SELinux - W+X Protection Bypass via AIO
Linux SELinux - W+X Protection Bypass via AIO / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=854 SELinux has a set of permissions that can be used to prevent processes from creating executable memory mappings that contain data controlled by the process PROCESSEXECMEM,...
SELinux W+X Protection Bypass via AIO
Exploit for linux platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=854 SELinux has a set of permissions that can be used to prevent processes from creating executable memory mappings that contain data controlled by the process PROCESSEXECMEM,...
How to Map Replicas in Cloud Connect
Purpose This KB article documents the procedure for mapping a replication job to a replica that was not created by a tenant's replication job. Cause Use case examples: The tenant has sent backup files to the Service Provider, and the Service Provider restores the VMs from the backup files to crea...
CVE-2014-9888
arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 2013 devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 a...
UBUNTU-CVE-2015-8943
drivers/video/msm/mdss/mdssmdputil.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 a...
Xerosploit - Efficient And Advanced Man In The Middle Framework
Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning. Powered by bettercap and nmap...
Scientific Linux Security Update : samba on SL7.x x86_64 (20160726)
Security Fixes : - A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. CVE-2016-2119 Bug Fixes : - Previously, the 'net' command in some cases...
ctdb, libsmbclient, libwbclient, samba security update
CentOS Errata and Security Advisory CESA-2016:1486 An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Security Bulletin: ASN. 1 coding in the presence of a heap memory corruption vulnerability-vulnerability warning-the black bar safety net
! ! 1. Security Bulletin information Title: Objective system integrated Co., Ltd. The design of the ASN. 1 coding specification in the presence of one can lead to heap memory corruption vulnerabilities. Vulnerability CVE number: CVE-2 0 1 6-5 0 8 0 Announcement of the URL address:...
CVE-2016-5007
It was found that differences in the strictness of Spring Security, and Spring Framework request mapping could lead to resources not being secured. An attacker could use this flaw to bypass authentication...
ExpressionEngine: Filename and directory enumeration
Hello, The "Import File Converter" can be abused by an admin to map the server directories and files, because the "File location" field doesn't sanitize the user input and allows access to root directories and files. Steps to reproduce: 1- Go to...
Nextcloud: Server side request forgery (SSRF) on nextcloud implementation.
An admin of nextcloud server can add other trusted nextcloud server in his own installation. The following request passes when a new add request is processed: http POST /nextcloud/index.php/apps/federation/trusted-servers HTTP/1.1 Host: myown.nextcloudserver.com User-Agent: Mozilla/5.0 Macintosh;...
HITB16 issues resolution: Java applications ORM injection the development of new methods-vulnerability warning-the black bar safety net
! “Hack In The Box”conference is in Europe in Amsterdam, organized by the global well-known Security Summit. This year's conference very interesting, one by a security researcher Mikhail Egorov and Sergey Soldatov presented the topic“Java application ORM injection the development of new...