80 matches found
CVE-2018-13899
Processing messages after error may result in user after free memory fault in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm...
CVE-2018-13899
CVE-2018-13899 describes a use-after-free memory fault in Qualcomm Snapdragon components when processing messages after an error, affecting a wide range of Snapdragon Auto/Compute/Connectivity/IoT/Wearables platforms (e.g., SDM630/660/665/670/675/820/845/855 and related QCS/SDA/X20/X24/X5 familie...
DEBIAN-CVE-2019-6488
The string component in the GNU C Library aka glibc or libc6 through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for sizet in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in...
kernel: net: IPv6 DCCP implementation mishandles inheritance
The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memo...
CVE-2017-9919
IrfanView version 4.44 32bit with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at ntdll77df0000!LdrpResCompareResourceNames+0x0000000000000087."...
CVE-2017-10769
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll77df0000!memcmp+0x0000000000000018" without RPC...
UBUNTU-CVE-2017-0587
A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the...
CVE-2017-3036
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX picture exchange file format. Successful exploitation could lead to arbitrary code executi...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2008)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-2008 advisory. - regset: Return -EFAULT, not -EIO, on host-side memory fault H. Peter Anvin CVE-2012-1097 - regset: Prevent null pointer reference on readonly...
DEBIAN-CVE-2013-1988
Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the 1 XResQueryClients and 2 XResQueryClientResources functions...
PHP 5.3.7之前版本空指针引用拒绝服务漏洞
Bugtraq ID: 49249 PHP是一款流行的编程语言。 php 5.3.6存在多个空指针应用错误,如果用户更改malloc大小,可导致空指针引用而使应用程序崩溃。 要演示这些缺陷,可使用OpenBSD中默认512MB的默认内存限制。我们可以分配类似510MB的大内存剩余2MB,如果某些字符串超过2MB如4MB,PHP尝试使用malloc/strlen等拷贝这个字符串,malloc就会返回空。之后程序会引发空指针引用或缓冲区溢出。 PHP 5.3.7 厂商解决方案 PHP 5.3.7已经修复此漏洞,建议用户下载使用: http://www.php.net/ 127 ulimit ...
HPUX dtmailpr buffer overflow vulnerability
======================================================= HPUX dtmailpr buffer overflow vulnerability ======================================================= Davide Del Vecchio Adv8 Discovered in: 14/07/2003 Date: 19/11/2003 Tested on HP-UX B.11.00 Description: The dtmailpr program reads a...
HPUX dtprintinfo buffer overflow vulnerability
======================================================= HPUX dtprintinfo buffer overflow vulnerability ======================================================= Davide Del Vecchio Adv7 Discovered in: 14/07/2003 Date: 08/10/2003 Tested on HP-UX B.11.00 Description: The Print Viewer program provides ...
madcr: QnX 4.25 - multiples bof in suid/no suid files
/bin/sample ----------------//------------------------------ cd /bin ls -l sample -rwsrwxr-x 1 root root 20639 Jan 19 1996 sample sample perl -e 'print "A" x 280' Profile based upon 2000 samples/second. //1/bin/sample terminated SIGSEGV at 0005:00000041 1 672 Memory fault sample $perl -e 'print "...
TRU64 /usr/bin/passwd overflow
In light of the recent conversations on the non-executable stack I have decided to release some of the information I have been sitting on. alpha.snosoft.com uname -a OSF1 alpha.snosoft.com V5.1 732 alpha alpha.snosoft.com id uid=201dotslash gid=15users groups=0system alpha.snosoft.com ls -al...
TRU64 /usr/sbin/quot overflow
again ... in light of the non-exec stack talks I am releasing some info I have been sitting on... alpha.snosoft.com uname -a OSF1 alpha.snosoft.com V5.1 732 alpha alpha.snosoft.com id uid=201dotslash gid=15users groups=0system alpha.snosoft.com ls -al /usr/sbin/quot -rwx--s--x 1 bin mem 32832 Aug...
SCO 5.0.6 issues (lpadmin)
====================================================================== Strategic Reconnisiance Team Security AdvisorySRT2001-07 Topic: SCO 5.0.6 issues lpadmin Vendor: SCO Release Date: 03/27/01 ====================================================================== .: Description SCO OpenServer...
SCO 5.0.6 issues (recon)
====================================================================== Strategic Reconnaissance Team Security AdvisorySRT2001-02 Topic: SCO 5.0.6 issues recon Vendor: SCO Release Date: 03/27/01 ====================================================================== .: Description SCO OpenServer...
hp-ux.cu.overflow.txt
======================================================= HPUX cu -l option buffer overflow vulnerability ======================================================= Date: 02/11/2000 Tested on HP-UX B.11.00 $ ls -la which cu -r-sr-xr-x 1 bin 40960 9 avr 1998 /bin/cu Using '-l' with a long option string...
HPUX cu -l option buffer overflow vulnerabilit
======================================================= HPUX cu -l option buffer overflow vulnerability ======================================================= Date: 02/11/2000 Tested on HP-UX B.11.00 $ ls -la which cu -r-sr-xr-x 1 bin 40960 9 avr 1998 /bin/cu Using '-l' with a long option string...