Lucene search

1367 matches found

CVE
added 2015/02/11 2:0 a.m. | 79 views

CVE-2015-0010

CVE-2015-0010 affects the Windows kernel-mode Cryptography Next Generation driver (cng.sys). The vulnerability occurs when using the CRYPTPROTECTMEMORY_SAME_LOGON option, where the code path does not validate the impersonation token’s level, permitting local users to bypass decryption restriction...

CVSS 1.9 | AI score 6.2 | EPSS 0.0265
Exploits 1 | References 3 | Affected Software 9
Tenable Nessus
added 2015/02/03 12:0 a.m. | 44 views

Apple TV < 7.0.3 Multiple Vulnerabilities

According to its banner, the remote Apple TV device is a version prior to 7.0.3. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist, related to the included version of WebKit, that allow application crashes or arbitrary code execution...

CVSS 10 | AI score 9.4 | EPSS 0.19725
Exploits 1 | References 31
Prion
added 2015/01/30 11:59 a.m. | 20 views

Design/Logic Flaw

The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app...

CVSS 10 | AI score 5.9 | EPSS 0.02939
Exploits 0 | References 7 | Affected Software 3
CNVD
added 2015/01/30 12:0 a.m. | 2 views

Apple TV and iOS Kernel Shared Memory Subsystem Elevation of Privilege Vulnerability

Apple iOS is the latest operating system for Apple's iPhone and iPod touch devices. Apple TV is Apple's way of allowing photos, videos and music from PCs and iPods to be transmitted wirelessly to a TV in high definition. Apple TV and iOS handle a security issue with the kernel's shared memory...

CVSS 10 | AI score 7.4 | EPSS 0.02939
Exploits 0 | References 1
GoogleProjectZero
added 2014/10/20 12:0 a.m. | 29 views

Did the “Man With No Name” Feel Insecure?

Posted by James Forshaw, Taker of Names Sometimes when I'm doing security research I'll come across a bug which surprises me. I discovered just such a bug in the Windows version of Chrome which exposed a little-known security detail in the OS. The bug, CVE-2014-3196 was fixed in M38, so it seemed...

CVSS 7.5 | AI score 7.8 | EPSS 0.00987
Exploits 0
NVD
added 2014/10/08 10:55 a.m. | 13 views

CVE-2014-3196

base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors...

CVSS 7.5 | AI score 6 | EPSS 0.00987
Exploits 0 | References 5
UbuntuCve
added 2014/10/08 10:55 a.m. | 30 views

CVE-2014-3196

base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors...

CVSS 7.5 | AI score 6.8 | EPSS 0.00987
Exploits 0 | References 5
Prion
added 2014/10/08 10:55 a.m. | 24 views

Design/Logic Flaw

base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors...

CVSS 7.5 | AI score 6.5 | EPSS 0.00987
Exploits 0 | References 5 | Affected Software 1
CVE
added 2014/10/08 10:0 a.m. | 68 views

CVE-2014-3196

CVE-2014-3196 affects Google Chrome on Windows prior to 38.0.2125.101, where base/memory/shared_memory_win.cc did not enforce read-only restrictions on shared memory. This allowed a sandbox bypass by exploiting how memory sections are shared between processes, potentially enabling a compromised r...

CVSS 7.5 | AI score 7.1 | EPSS 0.00987
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2014/10/08 10:0 a.m. | 25 views

CVE-2014-3196

base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors...

AI score 6 | EPSS 0.00987
Exploits 0 | References 5
Debian CVE
added 2014/10/08 10:0 a.m. | 27 views

CVE-2014-3196

Removed by vendor...

CVSS 7.5 | AI score 7.4 | EPSS 0.00987
Exploits 0
GoogleProjectZero
added 2014/10/01 12:0 a.m. | 37 views

More Mac OS X and iPhone sandbox escapes and kernel bugs

Posted by Ian Beer A couple of weeks ago Apple released OS X 10.9.5 and iOS 8 which fixed a number of sandbox escapes and privilege escalation bugs found by Project Zero. All-bar-one of these bugs were found via manual source code auditing where there was source and binary analysis where there...

CVSS 10 | AI score 7.4 | EPSS 0.84178
Exploits 15
Tenable Nessus
added 2014/09/03 12:0 a.m. | 52 views

Ubuntu 12.04 LTS : linux vulnerabilities (USN-2334-1)

A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service OOPS. CVE-2014-3917 An information leak was discovered in the rdm...

CVSS 7.1 | AI score 6.7 | EPSS 0.05926
Exploits 0 | References 12
Tenable Nessus
added 2014/09/03 12:0 a.m. | 281 views

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2336-1)

A flaw was discovered in the Linux kernel virtual machine's kvm validation of interrupt requests irq. A guest OS user could exploit this flaw to cause a denial of service host OS crash. CVE-2014-0155 Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket...

CVSS 6.2 | AI score 6.6 | EPSS 0.05926
Exploits 8 | References 15
OSV
added 2014/09/02 6:0 p.m. | 4 views

USN-2337-1 linux vulnerabilities

A flaw was discovered in the Linux kernel virtual machine's kvm validation of interrupt requests irq. A guest OS user could exploit this flaw to cause a denial of service host OS crash. CVE-2014-0155 Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket...

CVSS 6.2 | AI score 6.8 | EPSS 0.05926
Exploits 8 | References 15
Ubuntu
added 2014/09/02 5:57 p.m. | 88 views

USN-2336-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in the Linux kernel virtual machine's kvm validation of interrupt requests irq. A guest OS user could exploit this flaw to cause a denial of service host OS crash. CVE-2014-0155 Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket...

CVSS 6.2 | AI score 6.7 | EPSS 0.05926
Exploits 8
Ubuntu
added 2014/09/02 5:49 p.m. | 79 views

USN-2334-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service OOPS. CVE-2014-3917 An information leak was discovered in the rdm...

CVSS 7.1 | AI score 6.7 | EPSS 0.05926
Exploits 0
ThreatPost
added 2014/08/25 12:32 p.m. | 5 views

Android Side-Channel Hack Leads to Data Loss at USENIX

A weakness in Android, one that’s likely also found in other leading operating systems, allows an attacker to infer what’s happening on a victim’s user interface and launch an appropriate secondary attack resulting in data loss. Researchers from the University of Michigan and the University of...

AI score 1.6
Exploits 0 | References 1
seebug.org
added 2014/07/01 12:0 a.m. | 22 views

IBM DB2 Universal Database Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11402/info An information disclosure vulnerability has been reported in IBM DB2. This vulnerability only exists when DB2 is installed on Microsoft Windows operating systems. This is due to a Windows permissions issue...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 21 views

MM 1.0.x/1.1.x Shared Memory Library Temporary File Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5352/info The MM Shared Memory library is reported to be prone to a race condition with regards to temporary files which may enable a local attacker to gain elevated privileges. This issue may reportedly be exploited by a...

AI score 7.1
Exploits 0