CVE-2019-10565

Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

Memory corruption

Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9205, MDM9640, MSM8996AU, QCA6574,...

CVE-2019-2246

CVE-2019-2246: A memory-corruption issue where thread start can trigger invalid memory writes in the kernel due to a user-provided argument, affecting Qualcomm Snapdragon-based devices (e.g., Snapdragon Auto/Compute/Connectivity, Snapdragon Mobile across numerous SoCs). Root cause: improper handl...

CVE-2019-2246

Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9205, MDM9640, MSM8996AU, QCA6574,...

Kernel: vhost_net: infinite loop while receiving packets leads to DoS

An infinite loop issue was found in the vhostnet kernel module while handling incoming packets in handlerx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhostnet kernel thread,...

Kernel: vhost_net: infinite loop while receiving packets leads to DoS

An infinite loop issue was found in the vhostnet kernel module while handling incoming packets in handlerx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhostnet kernel thread,...

DEBIAN-CVE-2012-6122

Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service crash by opening a file descriptor with a large integer value...

CVE-2012-6122

Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service crash by opening a file descriptor with a large integer value...

Buffer overflow

Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service crash by opening a file descriptor with a large integer value...

CVE-2012-6122

CVE-2012-6122 is a buffer overflow in the thread scheduler of the Chicken Scheme runtime. The flaw allows an attacker to trigger a crash/DoS by opening a file descriptor with a large integer value. The issue affects Chicken releases up to and including 4.8.0.1, with related follow-ons noted (CVE-...

The vulnerability of the PM_V3!CTagInfoThreadBase function in the WebAccess HMI Designer software allows a attacker to cause a service failure.

The vulnerability of the PMV3!CTagInfoThreadBase function GetNICInfo+0x0000000000512918 in the software for developing and managing HMI applications of WebAccess HMI Designer is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a...

FreeBSD : FreeBSD -- kernel memory disclosure from /dev/midistat (5027b62e-f680-11e9-a87f-a4badb2f4699)

The kernel driver for /dev/midistat implements a handler for read2. This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. Impact : The races allow a program to read...

PT-2019-14891 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions up to 4.5.7 Description: The issue concerns the use of an unsanitized contact uuid variable in the file appmessagesmessages thread.php, which is reflected in HTML on three occasions, leading to a cross-site scripting XSS...

The vulnerability of the mkv::event_thread_t() function in the VideoLAN VLC media player software allows a attacker to compromise data integrity, gain unauthorized access to protected information, and cause service failures.

The vulnerability of the mkv::eventthreadt function in the VideoLAN VLC media player software is related to a buffer overflow attack. Exploiting this vulnerability could allow an attacker to compromise data integrity, gain unauthorized access to protected information, and even cause service...

CVE-2019-3894

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread with that security identity. As these threads do not necessarily terminate if the 'keep alive' time has not expired, this could allow a shared thread to use the wrong securit...

September 24, 2019 — KB4515842 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1803

September 24, 2019 — KB4515842 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1803 Release Date: September 24, 2019 Version: .NET Framework 4.8 The September 24, 2019, update for Windows 10, version 1803 includes cumulative reliability improvements in Microsoft .NET Framework 4....

September 24, 2019 — KB4515840 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1703

September 24, 2019 — KB4515840 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1703 Release Date: September 24, 2019 Version: .NET Framework 4.8 The September 24, 2019, update for Windows 10, version 1703 includes cumulative reliability improvements in Microsoft .NET Framework 4....

September 24, 2019 — KB4515839 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607

September 24, 2019 — KB4515839 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 Release Date: September 24, 2019 Version: .NET Framework 4.8 The September 24, 2019, update for Windows 10, version 1607 includes cumulative reliability improvements in Microsoft .NET Framework 4....

Tracking by Smart TVs

Long Twitter thread about the tracking embedded in modern digital televisions. The thread references three academic papers...

ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shellcode Into A Standard Win32 Application

Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. With Thread Hijacking, it allows the hijacker.exe program to suspend a thread within the target.exe program allowing us to write shellcode to a thread. Usage int main System sys; Interceptor incp; Exceptio...