CVE-2013-3896

Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."...

Cisco Open Network Environment Platform Unvalidated Pointer Vulnerability

A vulnerability in the Open Network Environment Platform ONEP could allow an authenticated, remote attacker to cause the network element to reload. The vulnerability is due to insufficient pointer validation. An attacker could exploit this vulnerability by sending a crafted packet to an ONEP...

Apple TV < 5.2 Multiple Vulnerabilities

According to its banner, the remote Apple TV 2nd generation or later device is prior to 5.2. It is, therefore, reportedly affected by several vulnerabilities : - Failure to properly validate that the user-mode pointer and length passed to the copyin and copyout functions could allow a user-mode...

Scientific Linux Security Update : kvm on SL5.x x86_64

It was found that QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash denial of service or, possibly, resulting in th...

Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2479628)

This host is missing a critical security update according to Microsoft Bulletin MS11-012. OpenVAS Vulnerability Test $Id: secpodms11-012.nasl 8724 2018-02-08 15:02:56Z cfischer $ Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities 2479628 Authors: Sooraj KS Copyright: Copyright c 2011...

Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2479628)

This host is missing a critical security update according to Microsoft Bulletin MS11-012. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Windows Kernel 'Win32k.sys' Pointer Validation Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Fail...

CVE-2010-2962

drivers/gpu/drm/i915/i915gem.c in the Graphics Execution Manager GEM in the Intel i915 driver in the Direct Rendering Manager DRM subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory...

kmod, kvm security update

CentOS Errata and Security Advisory CESA-2010:0627 Updated kvm packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...

CVE-2010-0431

CVE-2010-0431 affects QEMU-KVM (RHEV/kvm) where the host did not fully validate guest QXL driver pointers, enabling a privileged guest? user to crash the host (denial of service) or potentially escalate privileges. Public data show Red Hat/RHEV hypervisor updates (RHSA-2010-0622) and KVM updates ...

qemu: Insufficient guest provided pointers validation

QEMU-KVM, as used in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service invalid pointer dereference and guest OS crash or possibly gain privileg...

qemu: Insufficient guest provided pointers validation

QEMU-KVM, as used in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service invalid pointer dereference and guest OS crash or possibly gain privileg...

MIT Kerberos GSS-API Library Remote Denial of Service Vulnerability

MIT Kerberos contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is in the GSS-API acceptor component due to lack of pointer validation. An authenticated, remote attacker could exploit the vulnerability by makin...

CVE-2009-4325

CVE-2009-4325 affects IBM DB2 Client Interfaces: IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1; root cause is a missing null-pointer check that allows overwriting external memory via unspecified vectors. CVSS shows a medium impact (I/P, A/P) with network attack vecto...

Input validation

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute...

CVE-2009-1538

The CVE-2009-1538 family affects Microsoft DirectShow (quartz.dll) within DirectX 7.0–9.0c and DirectX/Windows DirectShow on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. A vulnerability exists in pointer validation when updating a QuickTime file, enabling remote code execution if a user ope...

Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability

Description Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow component. Successful exploits allow remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result ...

Microsoft DirectShow Pointer Validation Remote Code Execution (MS09-028; CVE-2009-1538)

Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. The vulnerability is due to an error in the Microsoft DirectShow component that fails to properly validate certain values when updating ...

Microsoft Windows内核参数和指针验证权限提升漏洞(MS09-025)

BUGTRAQ ID: 35240,35238 CVECAN ID: CVE-2009-1125,CVE-2009-1124 Microsoft Windows是微软发布的非常流行的操作系统。 Windows内核没有正确地验证传递给系统调用的参数，以及从用户态传递的某些指针，导致权限提升漏洞。成功利用此漏洞的攻击者可以运行内核态中的任意代码。攻击者可随后安装程序；查看、更改或删除数据；或者创建拥有完全用户权限的新帐户。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP2 Microso...

Input validation

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointe...