Stack overflow

In Arm software implementing the Armv8-M processors all versions, the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure application if the sta...

CVE-2018-12387

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content...

Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)

Title: Linux/x8664 - execve/bin/sh 22 bytes ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 22 bytes ;github = https://github.com/STARRBOY ============ASM=========================== global start section .text start: ;int execveconst char filename, char const argv,char const...

JetAudio jetCast Server 2.0 Buffer Overflow

Title: JetAudio jetCast Server 2.0 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow Date: May 13th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage: http://www.jetaudio.com/ Software Link:...

CVE-2019-6454

An issue was discovered in sd-bus in systemd 239. busprocessobject in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:3476-1)

This update for MozillaFirefox to 60.2.2ESR fixes the following issues : Security issues fixed : MFSA 2018-24 : CVE-2018-12386: A Type confusion in JavaScript allowed remote code execution bsc1110506 CVE-2018-12387: Array.prototype.push stack pointer vulnerability may have enabled exploits in the...

Null pointer dereference

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content...

Linux - Kernel Pointer Leak via BPF

Linux - Kernel Pointer Leak via BPF / Commit 82abbf8d2fc46d79611ab58daa7c608df14bb3ee "bpf: do not allow root to mangle valid pointers", first in v4.15 included the following snippet: ========= @@ -2319,43 +2307,29 @@ static int adjustregminmaxvalsstruct bpfverifierenv env, if srcreg-type !=...

Linux - Kernel Pointer Leak via BPF

/ Commit 82abbf8d2fc46d79611ab58daa7c608df14bb3ee "bpf: do not allow root to mangle valid pointers", first in v4.15 included the following snippet: ========= @@ -2319,43 +2307,29 @@ static int adjustregminmaxvalsstruct bpfverifierenv env, if srcreg-type != SCALARVALUE if dstreg-type != SCALARVALU...

Security update for Mozilla Firefox (important)

This update for Mozilla Firefox to version 60.2.2esr contains the following security fixes MFSA 2018-24: - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution bsc1110506 - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed...

CVE-2018-4001

An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later...

SUSE-SU-2018:0436-1 Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3)

This update for the Linux Kernel 4.4.103-638 fixes one issue. The following security issue was fixed: - CVE-2017-17712: The rawsendmsg function had a race condition that lead to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges bsc1073230...

SUSE-SU-2018:0433-1 Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3)

This update for the Linux Kernel 4.4.103-633 fixes one issue. The following security issue was fixed: - CVE-2017-17712: The rawsendmsg function had a race condition that lead to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges bsc1073230...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0383-1) (Spectre)

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of...

SUSE-SU-2018:0345-1 Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3)

This update for the Linux Kernel 4.4.90-612 fixes several issues. The following security issues were fixed: - CVE-2017-17712: The rawsendmsg function had a race condition that lead to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges bsc1073230. -...

SUSE-SU-2018:0294-1 Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2)

This update for the Linux Kernel 4.4.90-9250 fixes one issue. The following security issue was fixed: - CVE-2017-17712: The rawsendmsg function had a race condition that lead to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges bsc1073230...

SUSE-SU-2018:0281-1 Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2)

This update for the Linux Kernel 4.4.90-9245 fixes several issues. The following security issues were fixed: - CVE-2017-17712: The rawsendmsg function had a race condition that lead to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges bsc1073230. -...

CVE-2017-17856

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement...

CVE-2017-17856

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement...

CVE-2017-17856

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement...