
1349 matches found

exploitpack
added 2017/03/30 12:0 a.m., 31 views

Apple macOSIOS 10.12.2 (16C67) - mach_msg Heap Overflow

Apple macOS/IOS 10.12.2 (16C67) - mach_msg Heap Overflow / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1083 When sending ool memory via |mach_msg| with |deallocate| flag or |MACH_MSG_VIRTUAL_COPY| flag, |mach_msg| performs moving the memory to the destination process instead of copyi...

0.5 AI score
Exploits: 0
Exploit DB
added 2017/03/30 12:0 a.m., 64 views

Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1083 When sending ool memory via |mach_msg| with |deallocate| flag or |MACH_MSG_VIRTUAL_COPY| flag, |mach_msg| performs moving the memory to the destination process instead of copying it. But it doesn't consider the memory entry objec...

7.4 AI score
Exploits: 0
0day.today
added 2017/03/29 12:0 a.m., 385 views

Apache 2.2 - Scoreboard Invalid Free On Shutdown Vulnerability

Exploit for linux platform in category dos / poc. Source: http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/ Introduction: Apache 2.2 webservers may use a shared memory segment to share child process status information (scoreboard) between the child processes and the parent...

4.6 CVSS, 8.8 AI score, 0.02905 EPSS
Exploits: 4
BDU FSTEC
added 2017/02/17 12:0 a.m., 3 views

The vulnerability of the shared memory manager of the sshd daemon used in OpenSSH encryption protection allows a hacker to increase their privileges.

The vulnerability of the manager of shared memory in the sshd daemon of the OpenSSH cryptographic protection mechanism arises from the execution of an operation beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor, operating locally, to enhance their privileges by...

7.8 CVSS, 7.3 AI score, 0.01281 EPSS
Exploits: 1, References: 9, Affected Software: 3
OSV
added 2017/02/13 6:59 p.m., 2 views

CVE-2016-4546

Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call...

5.5 CVSS, 5.8 AI score, 0.0027 EPSS
Exploits: 0, References: 2
OSV
added 2017/02/01 7:59 p.m., 1 views

CVE-2016-9225

A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The...

8.6 CVSS, 5.8 AI score, 0.02662 EPSS
Exploits: 0, References: 3
Cisco
added 2017/01/25 4:0 p.m., 27 views

Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability

A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The...

8.6 CVSS, 8.5 AI score, 0.02662 EPSS
Exploits: 0, References: 1
NVD
added 2017/01/05 2:59 a.m., 21 views

CVE-2016-10012

The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...

7.8 CVSS, 6.2 AI score, 0.01281 EPSS
Exploits: 1, References: 12
OSV
added 2017/01/05 2:59 a.m., 1 views

DEBIAN-CVE-2016-10012

The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...

7.8 CVSS, 8 AI score, 0.01281 EPSS
Exploits: 1, References: 1
Prion
added 2017/01/05 2:59 a.m., 124 views

Privilege escalation

The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...

7.2 CVSS, 6.8 AI score, 0.01281 EPSS
Exploits: 1, References: 12, Affected Software: 1
Cvelist
added 2017/01/05 12:0 a.m., 25 views

CVE-2016-10012

The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...

6.3 AI score, 0.01281 EPSS
Exploits: 1, References: 12
Debian CVE
added 2017/01/05 12:0 a.m., 51 views

CVE-2016-10012

The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...

7.8 CVSS, 8.1 AI score, 0.01281 EPSS
Exploits: 1
UbuntuCve
added 2017/01/04 12:0 a.m., 75 views

CVE-2016-10012

The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...

7.8 CVSS, 6.9 AI score, 0.01281 EPSS
Exploits: 1, References: 4
OSV
added 2017/01/04 12:0 a.m., 0 views

UBUNTU-CVE-2016-10012

The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...

7.8 CVSS, 7.1 AI score, 0.01281 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2016/12/27 12:0 a.m., 11965 views

OpenSSH < 7.4 Multiple Vulnerabilities

According to its banner, the version of OpenSSH running on the remote host is prior to 7.4. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in ssh-agent due to loading PKCS#11 modules from paths that are outside a trusted whitelist. A local attacker can exploit this, by...

7.8 CVSS, 7 AI score, 0.37431 EPSS
Exploits: 9, References: 6
ArchLinux
added 2016/12/22 12:0 a.m., 66 views

[ASA-201612-20] openssh: multiple issues

Arch Linux Security Advisory ASA-201612-20. Severity: Medium; Date: 2016-12-22; CVE-ID: CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012; Package: openssh; Type: multiple issues; Remote: Yes; Link: https://security.archlinux.org/AVG-110 Summary...

7.8 CVSS, 1.4 AI score, 0.37431 EPSS
Exploits: 8, References: 8
GoogleProjectZero
added 2016/12/01 12:0 a.m., 22 views

BitUnmap: Attacking Android Ashmem

Posted by Gal Beniamini, Project Zero The law of leaky abstractions states that “all non-trivial abstractions, to some degree, are leaky”. In this blog post we’ll explore the ashmem shared memory interface provided by Android and see how false assumptions about its internal operation can result i...

9.3 CVSS, 7.8 AI score, 0.0415 EPSS
Exploits: 2
Tenable Nessus
added 2016/09/22 12:0 a.m., 19 views

Fedora 24 : mod_cluster (2016-249e92f700)

Fixed remote exploits in Apache HTTP Server mod_manager and mod_proxy_cluster modules, fixed performance problems with shared memory, fixed thread pool off-by-one errors, enhanced Tomcat 8 interoperability, fixed mod_proxy integration, added WebSockets proxy layer for mod_cluster. Note that Tenable...

5.5 AI score
Exploits: 0, References: 1
The Hacker News
added 2016/08/25 9:39 p.m., 9 views

This Open Source 25-Core Processor Chip Can Be Scaled Up to 200,000-Core Computer

Researchers have designed a new computer chip that promises to boost the performance of computers and data centers while processing applications in parallel. Princeton University researchers have developed a 25-core open source processor, dubbed Piton named after the metal spikes used by rock...

6.7 AI score
Exploits: 0
0day.today
added 2016/07/06 12:0 a.m., 32 views

Samsung Android JACK - Privilege Escalation

Exploit for Android platform in category local exploits Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=796 https://bugs.chromium.org/p/project-zero/issues/detail?id=795 The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK, which appears to...

6.8 AI score
Exploits: 0