1315 matches found

Prion
added 2018/09/20 1:29 p.m. | 26 views

Code injection

In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660,...

CVSS 3.3 | AI score 6.7 | EPSS 0.00151
Exploits: 0 | References: 2

CVE
added 2018/09/20 1:00 p.m. | 54 views

CVE-2018-5837

The CVE-2018-5837 entry concerns Snapdragon SoCs (IPQ8074, MDM9xxx, SD series, etc.) where MAC address randomization during probe requests is compromised by a flawed RNG that outputs repeating values far sooner than expected. The description covers the affected devices and the root cause, but the...

CVSS 7.5 | AI score 7.1 | EPSS 0.00269
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/09/20 1:00 p.m. | 21 views

CVE-2018-5837

In Snapdragon Automobile, Mobile, Wear in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710,...

AI score 7.6 | EPSS 0.00269
Exploits: 0 | References: 2

OSV
added 2018/08/14 4:29 p.m. | 0 views

UBUNTU-CVE-2018-5392

mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base...

CVSS 7.5 | AI score 7.3 | EPSS 0.0025
Exploits: 0 | References: 6

The Hacker News
added 2018/07/27 8:31 a.m. | 784 views

NetSpectre — New Remote Spectre Attack Steals Data Over the Network

A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system. Dubbed "NetSpectre," the new remote side-channel attack, which is related to Spectre...

CVSS 5.6 | AI score 2.5 | EPSS 0.9427
Exploits: 9

CNVD
added 2018/06/26 12:00 a.m. | 1 view

Mozilla Firefox, Firefox ESR and Thunderbird Memory Corruption Vulnerability (CNVD-2018-12100)

Mozilla Firefox, Firefox ESR, and Thunderbird are products developed by the Mozilla Foundation. Firefox is an open source web browser, and Firefox ESR is an extended support version of Firefox. Thunderbird is a standalone email client software...

CVSS 9.8 | AI score 9 | EPSS 0.58393
Exploits: 13 | References: 1

IBM Security Bulletins
added 2018/06/17 10:32 p.m. | 34 views

Security Bulletin: Vulnerability in Apache Cordova affects IBM MobileFirst Platform Foundation (CVE-2015-8320)

Summary: An Apache Cordova vulnerability for weak randomization was addressed by IBM MobileFirst Platform Foundation. Vulnerability Details: CVEID: CVE-2015-8320. DESCRIPTION: Apache Cordova Android could allow a remote attacker to bypass security restrictions, caused by weak randomization of...

CVSS 5 | AI score 1.1 | EPSS 0.01902
Exploits: 0 | Affected Software: 1

OSV
added 2018/06/11 9:29 p.m. | 1 view

DEBIAN-CVE-2017-5400

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...

CVSS 9.8 | AI score 8.6 | EPSS 0.01023
Exploits: 0 | References: 1

Veracode
added 2018/05/23 6:17 a.m. | 14 views

Sensitive Information Leakage

libgcrypt.so is vulnerable to sensitive information leakage. The leakage persists because cipher/elgamal.c uses ElGamal encryption algorithm which has the ability of self re-randomization, and the support of key splitting to directly encrypt the messages...

CVSS 7.5 | AI score 7.4 | EPSS 0.00577
Exploits: 1 | References: 4 | Affected Software: 1

RedHat Linux
added 2018/05/15 3:30 p.m. | 3 views

OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)

It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries...

CVSS 5.8 | AI score 7.4 | EPSS 0.0009
Exploits: 0 | References: 4

OSV
added 2018/04/12 1:29 a.m. | 0 views

CVE-2018-0972

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server...

CVSS 5.5 | AI score 5.8 | EPSS 0.12804
Exploits: 1 | References: 4

OSV
added 2018/04/12 1:29 a.m. | 0 views

CVE-2018-0975

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server...

CVSS 5.5 | AI score 5.8 | EPSS 0.14429
Exploits: 2 | References: 4

OSV
added 2018/04/12 1:29 a.m. | 0 views

CVE-2018-0974

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server...

CVSS 5.5 | AI score 5.8 | EPSS 0.12804
Exploits: 8 | References: 4

CNVD
added 2018/04/11 12:00 a.m. | 2 views

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2018-08762)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the Windows system kernels. An information disclosure vulnerability exists in Microsoft Windows kernel. An attacker can exploit this vulnerability by logging on...

CVSS 5.5 | AI score 6.1 | EPSS 0.12804
Exploits: 1 | References: 1

CNVD
added 2018/04/11 12:00 a.m. | 1 view

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2018-08800)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the Windows system kernels. An information disclosure vulnerability exists in Microsoft Windows kernel. An attacker can exploit this vulnerability by logging on...

CVSS 5.5 | AI score 6.1 | EPSS 0.06422
Exploits: 8 | References: 1

CNVD
added 2018/04/11 12:00 a.m. | 1 view

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2018-08570)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the Windows system kernels. An information disclosure vulnerability exists in Microsoft Windows kernel. An attacker can exploit this vulnerability by logging on...

CVSS 5.5 | AI score 6.1 | EPSS 0.12804
Exploits: 8 | References: 1

CNVD
added 2018/04/11 12:00 a.m. | 1 view

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2018-08334)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the Windows system kernels. An information disclosure vulnerability exists in Microsoft Windows kernel. An attacker can exploit this vulnerability by logging on...

CVSS 5.5 | AI score 6.1 | EPSS 0.14429
Exploits: 2 | References: 1

RedHat Linux
added 2018/04/10 3:23 p.m. | 4 views

kernel: Missing permission check in move_pages system call

The move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. This enables a local attacker to learn the memory layout of a setuid executable allowing mitigation of ASLR...

CVSS 5.5 | AI score 7.2 | EPSS 0.00071
Exploits: 0 | References: 4

RedHat Linux
added 2018/04/10 3:23 p.m. | 2 views

kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call...

CVSS 5.5 | AI score 6.7 | EPSS 0.00037
Exploits: 0 | References: 4

RedHat Linux
added 2018/04/10 9:01 a.m. | 3 views

kernel: unlimiting the stack disables ASLR

A weakness was found in the Linux ASLR implementation. Any user able to run 32-bit applications on an x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited...

CVSS 7.8 | AI score 7.1 | EPSS 0.00031
Exploits: 12 | References: 6