1658 matches found
CVE-2015-3027
Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program...
A preliminary understanding of the stack overflow vulnerability-vulnerability warning-the black bar safety net
1. What is the stack for? The stack is a mechanism that computers use to pass arguments to the function, can also be used to put into local function variables, function return address, it's purpose is to give a program a convenient way to access specific function of the partial data and from the...
OpenSSL multiple security vulnerabilities
NULL pointer dereferences, reahable asserts, memory corruptions...
freetype: information leak in _bdf_add_property()
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font...
CVE-2014-7931
factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of backing-store pointers...
UBUNTU-CVE-2014-7931
factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of backing-store pointers...
Microsoft Office multiple security vulnerabilities
Memory corruptions, index overflows, use-after-free, uninitialized pointers...
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue was...
Medium: libX11, libXcursor, libXfixes, libXi, libXrandr, libXrender, libXres, libXt, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, xorg-x11-proto-devel
Issue Overview: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws t...
libXt: Memory corruption due to unchecked use of unchecked function pointers
A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client...
Design/Logic Flaw
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application...
CVE-2014-4379
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application...
Apple OS X Dock Service Sandbox Escape Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the OS X Dock. The...
Sysinternals Regmon 6.11 Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11042/info Regmon is reported prone to a local denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions and references unvalidated pointers to kernel...
MySQL (Linux) Heap Based Overrun PoC Zeroday
No description provided by source. MySQL Heap Overrun tested for the latest version of mysql server on a SuSE Linux system As seen below $edx and $edi are fully controlled, the current instruction is = 0x83a6b24 freeroot+180: mov %edx,%edi this means we landed in a place where 4 bytes can be...
LBL traceroute 1.4 a5 Heap Corruption Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/1739/info Traceroute is a well-known network diagnostic tool used for analyzing the path on a network between two hosts. On unix systems, traceroute is typically installed setuid root because of its use of raw sockets...
CylantSecure 1.0 Kernel Module Syscall Rerouting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2958/info CylantSecure is a commercial Linux hardening tool and security infrastructure available from Cylant Technology. A problem in the CylantSecure infrastructure could allow users to escape monitoring. A user with ro...
Fedora 20 : mingw-gnutls-3.1.25-1.fc20 (2014-6953)
Version 3.1.25 released 2014-05-30 - libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. - libgnutls: Increased the maximum certificate size buffer in the PKCS 11 subsystem. - libgnutls: Check the return code of getpwuidr...
CVE-2014-1738
The rawcmdcopyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to...
APPLE-SA-2014-04-22-3 Apple TV 6.1.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple TV 6.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker in a privileged network position can obtain web site credentials Descriptio...