1658 matches found
GNU Binutils Denial of Service Vulnerability (CNVD-2017-34505)
GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in GNU Binutils 2.29.1. The vulnerability arises because the bfdelfparsegnuproperties function in...
CVE-2017-16837
Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...
CVE-2017-16837
Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...
UBUNTU-CVE-2017-16837
Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...
Code injection
Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...
CVE-2017-16837
Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...
CVE-2017-16837
Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...
CVE-2017-16837
Certain function pointers in Trusted Boot tboot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module TPM by hooking these function pointers...
CVE-2017-16829
The bfdelfparsegnuproperties function in elf-properties.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibl...
DEBIAN-CVE-2017-16829
The bfdelfparsegnuproperties function in elf-properties.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibl...
UBUNTU-CVE-2017-16829
The bfdelfparsegnuproperties function in elf-properties.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibl...
Microsoft Edge Chakra - StackScriptFunction::BoxState::Box Accesses to Uninitialized Pointers (Denial of Service)
Microsoft Edge Chakra - StackScriptFunction::BoxState::Box Accesses to Uninitialized Pointers Denial of Service / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1338 Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var...
Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service)
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1338 Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAME PROBESTACKscriptContext, Js::Constants::MinStackInterpreter; closureInitDone...
Microsoft Edge Chakra StackScriptFunction::BoxState::Box Uninitialized Pointers Exploit
Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: Accesses to uninitialized pointers in StackScriptFunction::BoxState::Box CVE-2017-11809 Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAM...
Microsoft Edge Chakra StackScriptFunction::BoxState::Box Uninitialized Pointers
Microsoft Edge: Chakra: Accesses to uninitialized pointers in StackScriptFunction::BoxState::Box CVE-2017-11809 Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAME PROBESTACKscriptContext,...
CVE-2017-15020
dwarf1.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted ELF file, related to parsedie and...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.19.7 - Bluetooth: Properly check L2CAP config option output buffer length Ben Seri Orabug: 26796364 CVE-2017-1000251 3.8.13-118.19.6 - xen: fix bio vec merging Roger Pau Monne Orabug: 26645550 CVE-2017-12134 3.8.13-118.19.5 - fs/exec.c: account for argv/envp pointers Kees Co...
Unbreakable Enterprise kernel security update
2.6.39-400.297.8 - Bluetooth: Properly check L2CAP config option output buffer length Ben Seri Orabug: 26796428 CVE-2017-1000251 2.6.39-400.297.7 - xen: fix bio vec merging Roger Pau Monne Orabug: 26645562 CVE-2017-12134 - fs/exec.c: account for argv/envp pointers Kees Cook Orabug: 26638926...
Microsoft Windows Kernel - nt!NtSetIoCompletion nt!NtRemoveIoCompletion Pool Memory Disclosure
Microsoft Windows Kernel - nt!NtSetIoCompletion nt!NtRemoveIoCompletion Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1269 We have discovered that the nt!NtRemoveIoCompletion system call handler discloses 4 bytes of uninitialized pool memory to user-mo...
Design/Logic Flaw
The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call...