1307 matches found
CVE-2016-4569
The sndtimeruserparams function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface...
PT-2016-5973 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.7 Description: The issue concerns the proc connectinfo function in the Linux kernel, which fails to initialize a certain data structure. This allows local users to obtain sensitive information from kernel stac...
UBUNTU-CVE-2016-4485
The llccmsgrcv function in net/llc/afllc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message...
CVE-2016-4485
The llccmsgrcv function in net/llc/afllc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message...
CVE-2016-2428
libAACdec/src/aacdecdrc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service stack memory corruption via...
CVE-2016-2428
libAACdec/src/aacdecdrc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service stack memory corruption via...
CVE-2016-2428
CVE-2016-2428 affects Android mediaserver: libAACdec/src/aacdec_drc.cpp in mediaserver allows a crafted media file to cause memory corruption via inadequate thread limiting, enabling remote code execution or a denial of service. Affected Android releases: 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1...
CVE-2016-4485
The llccmsgrcv function in net/llc/afllc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message...
CVE-2016-2428
libAACdec/src/aacdecdrc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service stack memory corruption via...
CVE-2016-4006
epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service stack memory consumption and application crash via a crafted packet...
Microsoft Windows OLE Remote Code Execution (MS16-044: CVE-2016-0153)
A vulnerability was identified in Microsoft Word while processing an embedded object within a word document that could lead to a stack memory corruption. The Stack Corruption occures in ole32!OleRegEnumVerbs Functionis with an out of bound write...
CVE-2016-2563
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service stack memory corruption or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request...
Stack overflow
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service stack memory corruption or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request...
CVE-2016-2563
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service stack memory corruption or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request...
CVE-2016-2563
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service stack memory corruption or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request...
CVE-2014-9769
pcrejitcompile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service stack memory corruption or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata...
PCRE pcre_jit_compile.c Denial of Service Vulnerability
PCRE is a Perl library that includes a perl-compatible regular expression library. PCRE version 8.35 pcrejitcompile.c fails to properly optimize nested substitutions using table jumps. A remote attacker could utilize the constructed strings to cause a denial of service stack memory corruption...
Tor: Overreads/overcopies in torsocks
First off, I know torsocks isn't in scope, so I don't expect anything in return for this. I happened to stumble upon this so why not report it. However if you feel generous you're welcome to give me bounty/swag ofcourse :P. Here 16 bytes instead of 4 are copied, thereby copying 12 bytes of...
Memory corruption
pcrejitcompile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service stack memory corruption or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata...
CVE-2014-9769
pcrejitcompile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service stack memory corruption or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata...