2520 matches found
Adobe Creative Cloud <= 3.5.1.209 Arbitrary File Read/Write Vulnerability (Mac OS X)
The version of Adobe Creative Cloud installed on the remote Mac OS X host is prior or equal to 3.5.1.209. It is, therefore, affected by a flaw in the JavaScript API for Creative Cloud Libraries due to an exposed service. An unauthenticated, remote attacker can exploit this to read or write...
Adobe Creative Cloud <= 3.5.1.209 Arbitrary File Read/Write Vulnerability
The version of Adobe Creative Cloud installed on the remote Windows host is prior or equal to 3.5.1.209. It is, therefore, affected by a flaw in the JavaScript API for Creative Cloud Libraries due to an exposed service. An unauthenticated, remote attacker can exploit this to read or write arbitra...
The vulnerability of the Windows operating system allows a perpetrator to bypass the protection mechanisms of Virtual Secure Mode Hypervisor Code Integrity.
The vulnerability of the Windows operating system is related to errors in security settings. Exploiting this vulnerability allows a malicious actor to bypass the Virtual Secure Mode Hypervisor Code Integrity protection mechanism and execute RWX page marking using a specially created application...
Updated qemu packages fix security vulnerabilities
Updated qemu packages fix security vulnerabilities: An out-of-bounds flaw was found in the QEMU emulator built using 'addressspacetranslate' to map an address to a MemoryRegionSection. The flaw could occur while doing pcidmaread/write calls, resulting in an out-of-bounds read-write access error. ...
Microsoft Windows HVCI Security Bypass Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. A security bypass vulnerability exists in Microsoft Windows 10 Gold and 1511, which stems from a program failing to properly allow certain kernel-mode pages to be marked as Read, Write, and Execute RWX....
CVE-2016-0181
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity HVCI protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka "Hypervisor Code Integrity Security Feature Bypass."...
CentOS 7 : qemu-kvm (CESA-2016:0724)
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Microsoft Windows Virtual Secure Mode Security Feature Bypass vulnerability (3155451)
This host is missing an important security update according to Microsoft Bulletin MS16-066. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Important: Red Hat Security Advisory: qemu-kvm-rhev security update
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
Important: Red Hat Security Advisory: qemu-kvm-rhev security update
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Important: Red Hat Security Advisory: qemu-kvm security update
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
ASUS Memory Mapping Driver (ASMMAP/ASMMAP64) - Physical Memory Read/Write
Exploit for windows platform in category dos / poc / Source: http://rol.im/asux/ ASUS Memory Mapping Driver ASMMAP/ASMMAP64: Physical Memory Read/Write PoC by slipstream/RoL - https://twitter.com/TheWack0lian - http://rol.im/chat/ The ASUS "Generic Function Service" includes a couple of drivers,...
ASUS Memory Mapping Driver (ASMMAP/ASMMAP64) - Physical Memory Read/Write
/ Source: http://rol.im/asux/ ASUS Memory Mapping Driver ASMMAP/ASMMAP64: Physical Memory Read/Write PoC by slipstream/RoL - https://twitter.com/TheWack0lian - http://rol.im/chat/ The ASUS "Generic Function Service" includes a couple of drivers, ASMMAP.sys / ASMMAP64.sys, the version resources...
DEBIAN-CVE-2016-0774
The 1 piperead and 2 pipewrite implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux RHEL 7.1 do not properly consider the side effects of failed...
Unspecified Vulnerability in Adobe Creative Cloud Desktop JavaScript API for Creative Cloud Libraries
Adobe Creatie Cloud Desktop is a suite of applications for managing applications and services in the Creative Cloud Member Management Center from Adobe USA. A security vulnerability exists in Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop 3.5.1.209...
Code injection
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service libvirtd crash by triggering a failed unlink after creating a volume on a rootsquash NFS pool...
SAMR and LSA man in the middle attacks possible
The Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD are both vulnerable to man in the middle attacks. Both are application level protocols based on the generic DCE 1.1 Remote Procedure Call DCERPC protocol. These protocols ar...
openSUSE Security Update : ghostscript (openSUSE-2016-427)
ghostscript was updated to fix one security issue and one bug. The following vulnerability was fixed : - CVE-2015-3228: Specially crafted ps files could have caused an out of bound read/write due to an integer overflow, causing a segfault in the application or having unspecified further impact...
The vulnerability of the glibc implementation library, which allows attackers to increase their privileges
The vulnerability of the ptchown function in the glibc execution library arises from the lack of namespace checking related to the file descriptor passed as an argument. Exploiting this vulnerability allows a local attacker to record keyboard input, replace data, or potentially increase their...
The vulnerability of the Apache Tomcat application server allows a attacker to cause a service failure.
The vulnerability of the setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java of the Apache Tomcat application server is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to circumvent access...