1349 matches found
CVE-2015-0010
The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gol...
Security feature bypass
The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gol...
CVE-2015-0010
CVE-2015-0010 affects the Windows kernel-mode Cryptography Next Generation driver (cng.sys). The vulnerability occurs when using the CRYPTPROTECTMEMORY_SAME_LOGON option, where the code path does not validate the impersonation token’s level, permitting local users to bypass decryption restriction...
Apple TV < 7.0.3 Multiple Vulnerabilities
According to its banner, the remote Apple TV device is a version prior to 7.0.3. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist, related to the included version of WebKit, that allow application crashes or arbitrary code execution...
Design/Logic Flaw
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app...
Apple TV and iOS Kernel Shared Memory Subsystem Elevation of Privilege Vulnerability
Apple iOS is the latest operating system for Apple's iPhone and iPod touch devices. Apple TV is Apple's way of allowing photos, videos and music from PCs and iPods to be transmitted wirelessly to a TV in high definition. Apple TV and iOS handle a security issue with the kernel's shared memory...
Did the “Man With No Name” Feel Insecure?
Posted by James Forshaw, Taker of Names Sometimes when I'm doing security research I'll come across a bug which surprises me. I discovered just such a bug in the Windows version of Chrome which exposed a little-known security detail in the OS. The bug, CVE-2014-3196 was fixed in M38, so it seemed...
CVE-2014-3196
base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors...
CVE-2014-3196
base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors...
Design/Logic Flaw
base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors...
CVE-2014-3196
CVE-2014-3196 affects Google Chrome on Windows prior to 38.0.2125.101, where base/memory/shared_memory_win.cc did not enforce read-only restrictions on shared memory. This allowed a sandbox bypass by exploiting how memory sections are shared between processes, potentially enabling a compromised r...
CVE-2014-3196
base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors...
CVE-2014-3196
Removed by vendor...
More Mac OS X and iPhone sandbox escapes and kernel bugs
Posted by Ian Beer A couple of weeks ago Apple released OS X 10.9.5 and iOS 8 which fixed a number of sandbox escapes and privilege escalation bugs found by Project Zero. All-bar-one of these bugs were found via manual source code auditing where there was source and binary analysis where there...
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2336-1)
A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0155) Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket...
Ubuntu 12.04 LTS : linux vulnerabilities (USN-2334-1)
A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917) An information leak was discovered in the rdm...
USN-2337-1 linux vulnerabilities
A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0155) Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket...
USN-2336-1: Linux kernel (Trusty HWE) vulnerabilities
A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0155) Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket...
USN-2334-1: Linux kernel vulnerabilities
A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917) An information leak was discovered in the rdm...
Android Side-Channel Hack Leads to Data Loss at USENIX
A weakness in Android, one that’s likely also found in other leading operating systems, allows an attacker to infer what’s happening on a victim’s user interface and launch an appropriate secondary attack resulting in data loss. Researchers from the University of Michigan and the University of...