1332 matches found
CVE-2018-9842
CVE-2018-9842 affects CyberArk Password Vault prior to 9.7. The vulnerability allows remote attackers to obtain sensitive information from process memory by replaying a logon message (memory disclosure). Exploit details exist in third‑party disclosures and exploit listings, indicating practical a...
Node.js third-party modules: `byte` allocates uninitialized buffers and reads data from them past the initialized length
I would like to report a memory exposure vulnerbaility in byte It allows to extract process memory using Buffers in some cases. Module module name: byte version: 1.4.0 npm page: https://www.npmjs.com/package/byte Module Description Input Buffer and Output Buffer, just like Java ByteBuffer. Module...
NoMachine 6.0.80 (x64) - nxfuse Privilege Escalation
NoMachine 6.0.80 x64 - nxfuse Privilege Escalation from ctypes import from ctypes.wintypes import import struct import sys import os MEMCOMMIT = 0x00001000 MEMRESERVE = 0x00002000 PAGEEXECUTEREADWRITE = 0x00000040 GENERICREAD = 0x80000000 GENERICWRITE = 0x40000000 OPENEXISTING = 0x3...
CVE-2018-5378
An out-of-bounds read vulnerability was discovered in Quagga. A BGP peer could send a specially crafted message which would cause Quagga to read out of bounds, potentially causing a crash or disclosure of up to 64KB process memory to the peer...
OpenSSH 5.4 < 7.1p2 Multiple Vulnerabilities
According to its banner, the version of OpenSSH running on the remote host is 5.x prior to 5.4, 6.x or 7.x prior to 7.1p2. It is, therefore, affected by multiple vulnerabilities. - A potential information disclosure vulnerability which may allow remote servers to obtain sensitive information from...
CVE-2017-15418
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
Updated varnish packages fix security vulnerability
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
[ASA-201711-29] varnish: information disclosure
Arch Linux Security Advisory ASA-201711-29 ========================================== Severity: Medium Date : 2017-11-26 CVE-ID : CVE-2017-8807 Package : varnish Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-502 Summary ======= The package varnish before...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
Design/Logic Flaw
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
Telegram Messenger for iOS and Android Information Disclosure Vulnerability
Telegram Messenger for iOS and Android is a suite of mobile messaging tools based on the iOS and Android platforms. An information disclosure vulnerability exists in Telegram Messenger version 2.6 for iOS and Telegram Messenger version 1.8.2 for Android. The vulnerability can be exploited to obta...
Google Chrome Information Disclosure Vulnerability (CNVD-2017-33597)
Google Chrome for Mac, Windows and Linux is a web browser for Mac, Windows and Linux platforms developed by Google Inc. Skia is one of the open source 2D graphics libraries that provides common APIs that work on a variety of hardware and software platforms. A security vulnerability exists in Skia...
CVE-2017-5119
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
CVE-2017-5117
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
CVE-2017-5102
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...