Lucene search
K

130 matches found

RedHat Linux
RedHat Linux
added 2018/05/08 7:4 p.m.9 views

kernel: Stack information leak in the EFS element

A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space...

7.5CVSS7AI score0.04252EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/05/03 5:6 a.m.3 views

php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function

A data leak was found in gdImageCreateFromGifCtx in GD Graphics Library used in PHP before 5.6.31 and 7.1.7. An attacker could craft a malicious GIF image and read up to 762 bytes from stack...

6.5CVSS7.1AI score0.03418EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/04/17 3:29 p.m.6 views

kernel: Stack information leak in the EFS element

A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space...

7.5CVSS7AI score0.04252EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/04/10 3:23 p.m.3 views

kernel: Stack information leak in the EFS element

A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space...

7.5CVSS7AI score0.04252EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/04/10 9:1 a.m.6 views

kernel: Stack information leak in the EFS element

A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space...

7.5CVSS7AI score0.04252EPSS
Exploits0References4
0day.today
0day.today
added 2018/01/29 12:0 a.m.54 views

macOS - sysctl_vfs_generic_conf Stack Leak Through Struct Padding Exploit

Exploit for macOS platform in category dos / poc / The sysctls vfs.generic.conf. are handled by sysctlvfsgenericconf, which is implemented as follows: static int sysctlvfsgenericconf SYSCTLHANDLERARGS int name, namelen; struct vfstable vfsp; struct vfsconf vfsc; voidoidp; name = arg1; namelen =...

0.1AI score0.03762EPSS
Exploits2
exploitpack
exploitpack
added 2018/01/29 12:0 a.m.27 views

macOS - sysctl_vfs_generic_conf Stack Leak Through Struct Padding

macOS - sysctlvfsgenericconf Stack Leak Through Struct Padding / The sysctls vfs.generic.conf. are handled by sysctlvfsgenericconf, which is implemented as follows: static int sysctlvfsgenericconf SYSCTLHANDLERARGS int name, namelen; struct vfstable vfsp; struct vfsconf vfsc; voidoidp; name = arg...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2018/01/22 12:0 a.m.102 views

MacOS process_policy stack leak through uninitialized field(CVE-2017-7154)

The syscall processpolicyscope=PROCPOLICYSCOPEPROCESS, action=PROCPOLICYACTIONGET, policy=PROCPOLICYRESOURCEUSAGE, policysubtype=PROCPOLICYRUSAGECPU, attrp=, targetpid=0, targetthreadid= causes 4 bytes of uninitialized kernel stack memory to be written to userspace. The call graph looks as follow...

5.6CVSS7.2AI score0.01134EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2018/01/15 12:0 a.m.36 views

Fedora 27 : xen (2017-c432db2971)

xen: various flaws 1501391 multiple MSI mapping issues on x86 XSA-237 DMOP map/unmap missing argument checks XSA-238 hypervisor stack leak in x86 I/O intercept code XSA-239 Unlimited recursion in linear pagetable de-typing XSA-240 Stale TLB entry due to page type release race XSA-241 page type...

8.8CVSS6.6AI score0.01547EPSS
Exploits1References9
0day.today
0day.today
added 2018/01/12 12:0 a.m.64 views

macOS - process_policy Stack Leak Through Uninitialized Field Exploit

Exploit for macOS platform in category dos / poc / The syscall processpolicyscope=PROCPOLICYSCOPEPROCESS, action=PROCPOLICYACTIONGET, policy=PROCPOLICYRESOURCEUSAGE, policysubtype=PROCPOLICYRUSAGECPU, attrp=, targetpid=0, targetthreadid= causes 4 bytes of uninitialized kernel stack memory to be...

5.6CVSS7AI score0.01134EPSS
Exploits4
Packet Storm
Packet Storm
added 2018/01/12 12:0 a.m.48 views

macOS process_policy Stack Leak

MacOS processpolicy stack leak through uninitialized field CVE-2017-7154 The syscall processpolicyscope=PROCPOLICYSCOPEPROCESS, action=PROCPOLICYACTIONGET, policy=PROCPOLICYRESOURCEUSAGE, policysubtype=PROCPOLICYRUSAGECPU, attrp=, targetpid=0, targetthreadid= causes 4 bytes of uninitialized kerne...

5.6CVSS7.5AI score0.01134EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/01/11 12:0 a.m.27 views

macOS - 'process_policy' Stack Leak Through Uninitialized Field

/ The syscall processpolicyscope=PROCPOLICYSCOPEPROCESS, action=PROCPOLICYACTIONGET, policy=PROCPOLICYRESOURCEUSAGE, policysubtype=PROCPOLICYRUSAGECPU, attrp=, targetpid=0, targetthreadid= causes 4 bytes of uninitialized kernel stack memory to be written to userspace. The call graph looks as...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2017/12/15 12:0 a.m.50 views

MacOS getrusage stack leak through struct padding(CVE-2017-13869)

For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64rusage using mungeuser64rusage, then copies the struct user64rusage to userspace: int getrusagestruct proc p, struct getrusageargs uap, unused int32t retval struct rusage rup, rubuf; struct user64rusage...

6.6AI score0.04736EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/12/11 12:0 a.m.35 views

Apple macOS - 'getrusage' Stack Leak Through struct Padding

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1405 For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64rusage using mungeuser64rusage, then copies the struct user64rusage to userspace: int getrusagestruct proc p, struct getrusagearg...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/12/11 12:0 a.m.28 views

Apple macOS - getrusage Stack Leak Through struct Padding

Apple macOS - getrusage Stack Leak Through struct Padding / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1405 For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64rusage using mungeuser64rusage, then copies the struct user64rusage to...

0.1AI score
Exploits0
Debian
Debian
added 2017/11/20 1:39 p.m.34 views

[SECURITY] [DLA 1181-1] xen security update

Package : xen Version : 4.1.6.lts1-10 CVE ID : CVE-2017-15588 CVE-2017-15589 CVE-2017-15592 CVE-2017-15593 CVE-2017-15595 Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2017-15588 Jann Horn discovered a race condition that can cause a stale TLB entry which might result i...

8.8CVSS8.9AI score0.01547EPSS
Exploits1
Xen Project
Xen Project
added 2017/10/12 12:0 p.m.533 views

hypervisor stack leak in x86 I/O intercept code

ISSUE DESCRIPTION Intercepted I/O operations may deal with less than a full machine word's worth of data. While read paths had been the subject of earlier XSAs and hence have been fixed, at least one write path was found where the data stored into an internal structure could contain bits from an...

6.5CVSS0.5AI score0.00407EPSS
Exploits0Affected Software1
NVD
NVD
added 2017/08/16 3:29 p.m.29 views

CVE-2016-5347

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver...

4.7CVSS4.5AI score0.00548EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/12/14 12:0 a.m.31 views

FreeBSD : xen-kernel -- x86 CMPXCHG8B emulation fails to ignore operand size override (80a897a2-c1a6-11e6-ae1b-002590263bf5)

The Xen Project reports : The x86 instruction CMPXCHG8B is supposed to ignore legacy operand size overrides; it only honors the REX.W override making it CMPXCHG16B. So, the operand size is always 8 or 16. When support for CMPXCHG16B emulation was added to the instruction emulator, this restrictio...

3.3CVSS6.3AI score0.00421EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2013/07/16 5:18 p.m.4 views

Kernel: Bluetooth: RFCOMM - missing msg_namelen update in rfcomm_sock_recvmsg

The rfcommsockrecvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

4.9CVSS6.4AI score0.00378EPSS
Exploits0References4
Rows per page
Query Builder