DEBIAN-CVE-2018-18653

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with...

UBUNTU-CVE-2018-18653

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with...

The Problems and Promise of WebAssembly

Posted by Natalie Silvanovich, Project Zero WebAssembly is a format that allows code written in assembly-like instructions to be run from JavaScript. It has recently been implemented in all four major browsers. We reviewed each browser’s WebAssembly implementation and found three vulnerabilities...

VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation Exploit

Exploit for windows platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1257 VirtualBox: Windows Process DLL Signature Bypass EoP Platform: VirtualBox v5.1.22 r115126 x64 Tested on Windows 10 Class: Elevation of Privilege Summary: The process...

VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1257 VirtualBox: Windows Process DLL Signature Bypass EoP Platform: VirtualBox v5.1.22 r115126 x64 Tested on Windows 10 Class: Elevation of Privilege Summary: The process hardening implemented by the VirtualBox driver can be...

The vulnerability of the console-based graphic editor ImageMagick and the operating system OpenSUSE Leap allows a hacker to load arbitrary modules.

The vulnerability of the magick/module.c component in the console-based image editing tool ImageMagick and the OpenSUSE Leap operating system is related to deficiencies in path name limitation for the directory. Exploiting this vulnerability allows a malicious actor to load arbitrary modules usin...

UBUNTU-CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

DEBIAN-CVE-2014-9645

The addprobe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / slash character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /sndpcm none /" command...

CVE-2014-9645

The addprobe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / slash character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /sndpcm none /" command...

SUSE-SU-2017:0518-1 Security update for GraphicsMagick

This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped bsc1017310. - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculatio...

The vulnerability of the ssh-agent agent in the OpenSSH encryption tool allows a hacker to execute arbitrary code.

The vulnerability of the ssh-agent agent in the OpenSSH encryption tool is related to insufficient checking of modules loaded based on the PKCS11 encryption standard. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ImageMagick Information Disclosure And Security Bypass Vulnerabilities - Mac OS X

ImageMagick is prone to an information disclosure and security bypass vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

DLA-584-1 libsys-syslog-perl - security update

Bulletin has no description...

Debian DLA-565-1 : perl security update

Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2016-1238 John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make...

[SECURITY] [DLA 565-1] perl security update

Package : perl Version : 5.14.2-21+deb7u4 CVE ID : CVE-2016-1238 CVE-2016-6185 Debian Bug : 829578 Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-1238 Joh...

DLA-565-1 perl - security update

Bulletin has no description...

[SECURITY] [DSA 3628-1] perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3628-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 25, 2016 https://www.debian.org/security/faq -...

DSA-3628-1 perl - security update

Bulletin has no description...

Design/Logic Flaw

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...