Adobe Flash Player Double Free (APSB14-24: CVE-2014-0574)

A double free vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error caused by an attempt of the worker thread and the main thread to clear a shared ByteArray simultaneously. This vulnerability could lead to a crash of the player...

CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a...

DEBIAN-CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a...

CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a...

CVE-2014-8133

CVE-2014-8133 affects the Linux kernel TLS implementation (arch/x86/kernel/tls.c) up to version 3.18.1. A local attacker can exploit a crafted application that uses set_thread_area and subsequently reads a 16‑bit value to bypass the espfix protection and, in turn, bypass ASLR. The description con...

CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a...

CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a...

UBUNTU-CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3096)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3096 advisory. - net: sctp: fix panic on duplicate ASCONF chunks Daniel Borkmann Orabug: 19953088 CVE-2014-3687 - net: sctp: fix skboverpanic when receiving...

Lightweight Disassembly Framework: Capstone

Lightweight Disassembly Framework Capstone is a multi-platform, multi-architecture lightweight disassembly framework. Capstone Disassembly Engine v3.0 Released Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community. Features...

Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 Exploit

Exploit for linux platform in category local exploits / CVE-2014-3153 exploit for RHEL/CentOS 7.0.1406 By Kaiqu Chen email protected Based on libfutex and the expoilt for Android by GeoHot. Usage: $gcc exploit.c -o exploit -lpthread $./exploit / include include include include include include...

KLA10601 Multiple vulnerabilities in Microsoft products

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1...

FreeBSD OpenSSH DoS

Race condition because of invalid thread-safe library linking...

Unbreakable Enterprise kernel Security update

2.6.39-400.215.12 - USB: whiteheat: Added bounds checking for bulk command response James Forshaw Orabug: 19849335 CVE-2014-3185 - HID: fix a couple of off-by-ones Jiri Kosina Orabug: 19849318 CVE-2014-3181 - KVM: x86: Improve thread safety in pit Andy Honig Orabug: 19905687 CVE-2014-3611...

CVE-2014-3661

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service thread consumption via vectors related to a CLI handshake...

CVE-2014-3661

CVE-2014-3661 affects Jenkins before 1.583 and LTS before 1.565.3 and causes a denial of service (thread consumption) through vectors related to a CLI handshake. The connected sources confirm this CVE entry and its description; no additional exploitation details are provided beyond the DoS impact...

RedHat Update for glibc RHSA-2014:1391-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2012-5496

kupuspellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service ZServer thread lock via a crafted URL...

Design/Logic Flaw

kupuspellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service ZServer thread lock via a crafted URL...

PYSEC-2014-38

kupuspellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service ZServer thread lock via a crafted URL...