4005 matches found
CVE-2015-7686
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service CPU consumption via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associat...
CVE-2015-7686
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service CPU consumption via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associat...
CVE-2015-7686
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service CPU consumption via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associat...
Ruby on Rails: Nested attributes reject_if proc can be circumvented by providing "_destroy" parameter
Nested attributes rejection proc bypass in Active Record. There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled. This vulnerability has been assigned the CVE identifier CVE-2015-7577...
chromium-browser: Use-after-free in Printing
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/printwebviewhelper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC...
CVE-2015-3291
arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service skipped NMI by modifying the rsp register, issuing a syscall instruction, and triggering an NM...
DEBIAN-CVE-2015-3290
arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window...
CVE-2015-3290
arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window...
CVE-2015-3290
arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window...
Linux Nested NMIs Privilege Escalation
/ +++++ CVE-2015-3290 +++++ High impact NMI bug on x8664 systems 3.13 and newer, embargoed. Also fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a The other fix synchronous modifyldt does not fix CVE-2015-3290. You can...
Linux x86_64 NMI Privilege Escalation Due to Nested NMIs Interrupting espfix64
Exploit for linux platform in category local exploits / +++++ CVE-2015-3290 +++++ High impact NMI bug on x8664 systems 3.13 and newer, embargoed. Also fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a The other fix...
USN-2691-1: Linux kernel vulnerabilities
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs non-maskable interrupts. An unprivileged local user could exploit this flaw to cause a denial of service system crash or potentially escalate their privileges. CVE-2015-3290 Colin King discovered a flaw in the addkey...
USN-2689-1: Linux kernel (Utopic HWE) vulnerabilities
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs non-maskable interrupts. An unprivileged local user could exploit this flaw to cause a denial of service system crash or potentially escalate their privileges. CVE-2015-3290 Colin King discovered a flaw in the addkey...
Debian Security Advisory DSA 3313-1 (linux - security update)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2015-3290 Andy Lutomirski discovered that the Linux kernel does not properly handle nested NMIs. A local, unprivileged user could use this flaw for privilege...
UBUNTU-CVE-2015-3291
arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service skipped NMI by modifying the rsp register, issuing a syscall instruction, and triggering an NM...
PT-2015-6138 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.1.6 Description: The issue allows local users to gain privileges by triggering an NMI within a certain instruction window due to improper reliance on espfix64 during nested NMI processing in arch/x86/entry/ent...
Adobe Reader Nested Events Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...
php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...
PHP Core unserialize process nested data Use After Free - Ver2 (CVE-2014-8142)
A use-after-free vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a web applicati...