9 matches found
Unsound public API in unmaintained crate
The following functions in the tantonengine crate are unsound due to lack of sufficient boundary checks in public API: - Stack::offset - ThreadStack::get - RootMoveList::insertscoredepth - RootMoveList::insertscore The tantonengine crate is no longer maintained, so there are no plans to fix this...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that the kstackoffset variable actually uses only the low bit of the kernel stack offset entropy...
CVE-2020-27483
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided...
Linux Kernel 4.13 - compat_get_timex() Leak Kernel Pointer
Linux Kernel 4.13 - compatgettimex Leak Kernel Pointer define GNUSOURCE define BSDSOURCE include include include include include include include include include include include include include include include include include include // Ubuntu 4.13.0-16-generic // gcc -o poc poc.c -m32 struct time...
Linux Kernel 4.13 - compat_get_timex() Leak kernel pointer Exploit
Linux Kernel 4.13 - compatgettimex Leak kernel pointer Exploit define GNUSOURCE define BSDSOURCE include include include include include include include include include include include include include include include include include include // Ubuntu 4.13.0-16-generic // gcc -o poc poc.c -m32...
SUSE-SU-2017:1317-1 Security update for bash
This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr1 inside loops. Additionally, the popd build-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault...
Sun Solaris <= 2.5.1 PAM & unix_scheme Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/201/info There is a buffer overflow condition on arguments in Pluggable Authentication Modules PAM and unixscheme 5.4 and 5.3. Therefore, an unauthorized user could exploit this vulnerability via the passwd program to gai...
Solaris 2.4 passwd, yppasswd, and nispasswd Overflow Exploits
No description provided by source. ---------------------------- file newpass.c ------------------------------- include stdio.h include syslog.h define hiddenpasswd "/bin/hpasswd" /change here .../ define MAXLENGTH 32 void mainint argc, char argv int i; char args10; ifargc 10 args0=hiddenpasswd;...
Sun Solaris 2.5.1 PAM / unix_scheme - 'passwd' Local Privilege Escalation
/ source: https://www.securityfocus.com/bid/201/info There is a buffer overflow condition on arguments in Pluggable Authentication Modules PAM and unixscheme 5.4 and 5.3. Therefore, an unauthorized user could exploit this vulnerability via the passwd program to gain root access. Under SunOS 5.5.1...