Ichitaro Word Processor PersistDirectory Code Execution Vulnerability

Summary Ichitaro Office contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function’s result, the application will use this result in a pointer calculation for reading file data into. Due t...

The ASLR protection mechanism is a breakthrough attack technical analysis-vulnerability warning-the black bar safety net

Recently, hardware-based attacks have been started by Rowhammer memory leaks or bypass the address space layout randomization protection mechanisms to attack the system, these attacks are based on the processor's memory management unit MMU with a page table interactive interactive manner. These...

NVIDIA GPU Display Driver Local Elevation of Privilege Vulnerability

NVIDIA GPU Driver is a set of graphics processor GPU drivers from NVIDIA. A local elevation of privilege vulnerability exists in NVIDIA GPU Driver. A local attacker could use this vulnerability to gain elevated privileges and perform unauthorized operations, with a failed attack resulting in a...

CVE-2016-4315

Cross-site request forgery CSRF vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxyajaxprocessor.jsp...

DEBIAN-CVE-2017-0309

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges...

Linux Kernel Denial of Service Vulnerability (CNVD-2017-01852)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in Linux Kernel. Successful exploitation of this vulnerability will result in excessive CPU resource consumption, causing a denial of...

Updated audacious-plugins packages fix security vulnerability

Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961. These issues were...

USN-3186-1: iucode-tool vulnerability

It was discovered that iucode-tool incorrectly handled certain microcodes when using the -tr loader. If a user were tricked into processing a specially crafted microcode, a remote attacker could use this issue to cause iucode-tool to crash, resulting in a denial of service, or possibly execute...

[ASA-201701-35] linux-lts: privilege escalation

Arch Linux Security Advisory ASA-201701-35 ========================================== Severity: Medium Date : 2017-01-27 CVE-ID : CVE-2017-2583 Package : linux-lts Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-150 Summary ======= The package linux-lts before...

[ASA-201701-32] linux: privilege escalation

Arch Linux Security Advisory ASA-201701-32 ========================================== Severity: Medium Date : 2017-01-27 CVE-ID : CVE-2017-2583 Package : linux Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-149 Summary ======= The package linux before version...

UBUNTU-CVE-2016-9932

CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix...

[SECURITY] Fedora 24 Update: qemu-2.6.2-6.fc24

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

Intel Processor Memory Sinkhole Vulnerability - Lenovo Support US

No description provided...

Fixed in Apache Tomcat 7.0.75

Important: Information Disclosure CVE-2016-8745 Note: The issue below was fixed in Apache Tomcat 7.0.74 but the release vote for the 7.0.74 release candidate did not pass. Therefore, although users must download 7.0.75 to obtain a version that includes the fix for this issue, version 7.0.74 is no...

DEBIAN-CVE-2016-9435

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags...

The Intel part of the Skylake Processor the presence of vulnerabilities: through the USB interface to the invasion of the computer-vulnerability warning-the black bar safety net

Foreign Security Service Provider Positive Technologies recently found that part of the Intel sixth-generation Core Skylake processor loopholes, allowing hackers through the USB interface to the invasion of the computer, completely taking over theoperating system. This is due to the CPU debug...

Using the Nintendo's 6502 processor instruction for Desktop Linux systems to exploit-vulnerability warning-the black bar safety net

gstreamer 0.10. x player NSF format of the music file when a vulnerability exists and a separate logic errors. A combination of both, you can achieve the very stability of the exploit method, and can bypass the 64-bit ASLR, DEP and so on. The so-called stable because the music player available in...

UBUNTU-CVE-2016-8745

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn...

CVE-2017-0401

An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitiv...

CVE-2017-0399

An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitiv...