SUSE SLES11 Security Update : clamav (SUSE-SU-2017:1763-1)

This update for clamav fixes the following issues: Security issue fixed : - CVE-2012-6706: Fixed an arbitrary memory write in VMSFDELTA filter in libclamunrar bsc1045490 Non security issue fixed : - Fix permissions of /var/spool/amavis. bsc815106 Note that Tenable Network Security has extracted t...

SUSE-SU-2017:1763-1 Security update for clamav

This update for clamav fixes the following issues: Security issue fixed: - CVE-2012-6706: Fixed an arbitrary memory write in VMSFDELTA filter in libclamunrar bsc1045490 Non security issue fixed: - Fix permissions of /var/spool/amavis. bsc815106...

UBUNTU-CVE-2017-10699

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service application crash or possibly code execution...

CVE-2017-10699

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service application crash or possibly code execution...

CVE-2017-10699

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service application crash or possibly code execution...

CVE-2017-10699

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service application crash or possibly code execution...

CVE-2017-10699

CVE-2017-10699 affects VLC media player (v2.2.x) where avcodec 2.2.x can perform an out-of-bounds heap memory write by calling memcpy() with an incorrect size in VLC before 2.2.7, potentially crashing the application or enabling code execution. Public advisories and vendor patches indicate fixes ...

CVE-2017-10699

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service application crash or possibly code execution...

SUSE-SU-2017:1716-1 Security update for clamav

This update for clamav fixes the following issues: Security issue fixed: - CVE-2012-6706: Fixed an arbitrary memory write in VMSFDELTA filter in libclamunrar bsc1045490 Non security issues fixed: - Provide and obsolete clamav-nodb to trigger its removal in openSUSE Leap. bsc1040662...

unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write Exploit

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6 It appears that the VMSFDELTA memory corruption that was reported to Sophos AV in 2012 and fixed there was actually inherited from upstream unrar. For unknown reasons...

PT-2018-32: Arbitrary Code Execution in NCR S1

The specialists of the Positive Research center have detected an Arbitrary Code Execution vulnerability in NCR S1. Vulnerability in the NCR S1 Dispenser controller, related to insufficient protection of the memory write mechanism, allows unauthenticated, remote attackers to execute arbitrary code...

CVE-2017-8242

In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write...

Race condition

In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write...

CVE-2017-8242

CVE-2017-8242 affects Android CAF releases that use the Linux kernel and involve the Secure Execution Environment (QTEE) driver. The issue is a race condition in the QTEE driver that can lead to an arbitrary memory write. The provided connected sources confirm the vulnerability description but do...

CVE-2017-8242

In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write...

CVE-2017-8242

In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write...

SUSE SLED12 / SLES12 Security Update : libxslt (SUSE-SU-2017:1313-1)

This update for libxslt fixes the following issues : - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page bsc1035905. -...

The vulnerability of the console-based graphic editor ImageMagick, which allows a hacker to trigger a service failure

The vulnerability of the ReadPCDImage function in the pcd.c file of the ImageMagick console graphics editor is caused by the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure loss of access to...

Unspecified Vulnerability in Multiple Mozilla Products

Mozilla Firefox, Firefox ESR and Thunderbird are all developed by the Mozilla Foundation.Firefox is an open source web browser, Firefox ESR is an extended support version of Firefox.Thunderbird is a standalone email client from the Mozilla Thunderbird is a separate email client from Mozilla...

shopify-scripts: OP_SCALL in LHS of a OP_ASGN resulting in arbitrary memory write

PoC x = 0x4242422a a = &.=0 a = &.=0 Generated Opcodes irep 0x60c000014440 nregs=5 nlocals=3 pools=1 syms=0 reps=0 file: crashes/b.rb 3 000 OPLOADL R1 L0 ; 1111638570 ; R1:x 4 001 OPARRAY R3 R3 0 4 002 OPLOADI R4 0 4 003 OPARYCAT R2 R3 ; R2:a 5 004 OPARRAY R2 R2 0 ; R2:a R2:a 5 005 OPLOADI R3 0 5...