CVE-2016-5105

The megasasdcmdcfgread function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface MFI command...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3596)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3596 advisory. - KEYS: potential uninitialized variable Dan Carpenter Orabug: 24402831 CVE-2016-4470 - vfs: add vfsselectinode helper Miklos Szeredi Orabug:...

kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...

Internet Bug Bounty: Two vulnerabilities in the ssl module

I found two vulnerabilities in python's ssl module. The first is a PyXDECREF call on an object which isn't owned, leading to use-after-free and/or double free scenarios. The second vulnerability is an uninitialized variable use. I described both issues in detail in a mail to the PSRT. The mail an...

Unbreakable Enterprise kernel security update

2.6.39-400.283.2 - KEYS: potential uninitialized variable Dan Carpenter Orabug: 24393863 CVE-2016-4470...

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.9.2 - KEYS: potential uninitialized variable Dan Carpenter Orabug: 24393864 CVE-2016-4470...

Unbreakable Enterprise kernel security update

kernel-uek 4.1.12-37.6.2 - KEYS: potential uninitialized variable Dan Carpenter Orabug: 24393865 CVE-2016-4470 - ovl: fix permission checking for setattr Miklos Szeredi Orabug: 24393742 CVE-2015-8660...

kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...

kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...

SUSE SLES11 Security Update : Recommended update for NetworkManager-kde4 (SUSE-SU-2016:1465-1)

This NetworkManager-kde4 update fixes the following security and non security issues : - Fixed a long standing security issue. This makes knetworkmanager probe the RADIUS server for a CA certificate subject and hash if no CA certificate is specified. knetworkmanager then stores this data and send...

Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20160510)

Security Fixes : - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntpcrypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker coul...

UBUNTU-CVE-2016-5105

The megasasdcmdcfgread function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface MFI command...

CVE-2016-5105

The megasasdcmdcfgread function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface MFI command...

ntp: crash with crafted logconfig configuration command

It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands...

Debian Security Advisory DSA 3388-1 (ntp - security update)

Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote...

UBUNTU-CVE-2016-4020

The patchinstruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register TPR...

Adobe Flash - Object.unwatch Use-After-Free

Adobe Flash - Object.unwatch Use-After-Free Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 https://googleprojectzero.blogspot.ca/2016/03/life-after-isolated-heap.html The bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug. Roughly 80 of the...

Adobe Flash - Object.unwatch Use-After-Free Exploit

Exploit for multiple platform in category remote exploits Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 https://googleprojectzero.blogspot.ca/2016/03/life-after-isolated-heap.html The bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug...

CVE-2016-0828

The CVE concerns Android mediaserver: BnGraphicBufferConsumer::onTransact in libs/gui/IGraphicBufferConsumer.cpp failing to initialize a slot variable. This uninitialized state can let a remote attacker trigger an ATTACH_BUFFER action to read sensitive data and bypass a protection mechanism. Affe...

HEVD - HackSys Extreme Vulnerable Driver

HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level. HackSys Extreme Vulnerable Driver caters wide range of vulnerabilities ranging from simple Buffer Overflows to complex Use...