The vulnerability of the iOS operating system, the multimedia player iTunes, and the web browser Safari allows a perpetrator to obtain confidential information from the process’s memory.

The vulnerability of the WebKit component of the iOS operating system, the multimedia player iTunes, and the browser Safari is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information from...

The vulnerability of the shared memory manager of the sshd daemon used in OpenSSH encryption protection allows a hacker to increase their privileges.

The vulnerability of the manager of shared memory in the sshd daemon of the OpenSSH cryptographic protection mechanism arises from the execution of an operation beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor, operating locally, to enhance their privileges by...

Multiple Huawei VRP Platform Switch Input Checksum Vulnerabilities

Huawei S12700, S5700, S7700, S9700 are switching devices from Huawei China. An input checksum vulnerability exists in multiple Huawei VRP platform switches. Due to the lack of input checksum, an attacker can exploit the vulnerability to construct malformed messages to be sent to the VRP, causing...

Security Advisory - Input Validation Vulnerability in Huawei VRP Platform

There is an input validation vulnerability in some Huawei devices using VRP. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakag...

CVE-2016-4658

A use-after-free flaw was found in the Xpointer implementation of libxml2. An attacker could use this flaw against an application parsing untrusted XML files and compiled with libxml2 to leak small amount of memory data. Mitigation Mitigation for this issue is either not available or the currentl...

Kaspersky Internet Security Denial of Service Vulnerability

Kaspersky Internet Security KIS, Kaspersky Security Software is a set of security software developed by Russia's Kaspersky Lab Kaspersky Lab with both antivirus and firewall functions. There are security vulnerabilities in KIS. A local attacker can exploit this vulnerability with a specially...

The vulnerability of the Flash Player software allows a perpetrator to obtain confidential information from the process’s memory.

The vulnerability of the Flash Player software is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information from the process’s memory...

The vulnerability of the SolarWinds Virtualization Manager software allows a hacker to execute arbitrary commands.

The vulnerability of the RMI component of the SolarWinds Virtualization Manager relates to the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely, using a specially crafted serialized Java object...

PT-2016-2391 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 18.0.0.366 Adobe Flash Player versions 19.x through 22.x before 22.0.0.209 on Windows and OS X Adobe Flash Player versions prior to 11.2.202.632 on Linux Description: The issue is related to the lack of...

The vulnerability of the Mozilla SeaMonkey software package allows a malicious individual to execute arbitrary code, gain access to confidential information, or cause a service failure.

Mozilla SeaMonkey software contains a vulnerability related to errors in the implementation of the Mozilla::WaveReader::DecodeAudioData function. Exploiting this vulnerability allows malicious actors to gain access to confidential information from the dynamic memory of the process, trigger servic...

Siemens SIPROTEC 4 and SIPROTEC Information Disclosure Vulnerability (CNVD-2016-03386)

Siemens SIPROTEC 4 is a series of multifunctional relays; SIPROTEC Compact is a microcomputer protection device. An information disclosure vulnerability exists in the integrated web server of the SIPROTEC 4 and SIPROTEC Compact. A remote attacker with network access could exploit this vulnerabili...

Samba Information Disclosure Vulnerability

Samba is a set of programs that implement the SMB Server Messages Block protocol, cross-platform file sharing and print sharing services. An information disclosure vulnerability exists in Samba versions 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3. Due to the length of the error...

Microsoft Internet Explorer Information Disclosure Vulnerability (CNVD-2015-07555)

Microsoft Internet Explorer is a popular web browser introduced by Microsoft and bundled with the Windows operating system. An information disclosure vulnerability exists in Microsoft Internet Explorer 9 through 11. The vulnerability allows remote attackers to obtain sensitive information from...

Linux kernel local information disclosure vulnerability (CNVD-2015-07402)

Linux kernel is an open source operating system. Linux kernel has a security vulnerability that allows local attackers to exploit the vulnerability to gain access to sensitive memory information...

The vulnerabilities of Adobe Acrobat and Adobe Acrobat Document Cloud for PDF file editing, as well as Adobe Reader and Adobe Reader Document Cloud for PDF file viewing, allow attackers to gain access to protected information stored in the process memory.

The vulnerability of Adobe Acrobat and Adobe Acrobat Document Cloud programs for editing PDF files, as well as Adobe Reader and Adobe Reader Document Cloud programs for viewing PDF files, is related to deficiencies in access control mechanisms. Exploiting this vulnerability can allow an attacker ...

Adobe Acrobat/Reader Memory Disclosure Vulnerability (CNVD-2015-06748)

Adobe Reader/Acrobat is a popular application for working with PDF files. A memory disclosure vulnerability exists in Adobe Reader/Acrobat. An attacker is allowed to construct a malicious PDF file and trick the user into parsing it, which can obtain sensitive memory information...

The vulnerability of Xen hypervisors, allowing a hacker to read data stored in memory

The vulnerability of the QEMU emulator for networking hardware in the Xen hypervisor is related to the lack of protection for service data. Exploiting this vulnerability allows a remote attacker to read data stored in memory...

Security Advisory - Two Privilege Escalation Vulnerabilities in Huawei Mate 7 Smartphones

The tzdriver module of Huawei Mate 7 smartphone has an input check error, which allows the user-mode application to modify kernel-mode memory data and maybe make system break down or application elevate privilege. Vulnerability ID: HWPSIRT-2015-03011 These Vulnerabilities have been assigned Commo...

FreeBSD : xorg-server -- Information leak in the XkbSetGeometry request of X servers. (54a69cf7-b2ef-11e4-b1f1-bcaec565249c)

Peter Hutterer reports : Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request. The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string...

xorg-server -- Information leak in the XkbSetGeometry request of X servers.

Peter Hutterer reports: Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request. The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string...