651 matches found

OSV
added 2019/06/29 3:15 p.m., 5 views

CVE-2019-13049

An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges...

7.8 CVSS, 7.2 AI score, 0.00523 EPSS
Exploits: 1, References: 1
CVE
added 2019/06/29 2:50 p.m., 56 views

CVE-2019-13049

CVE-2019-13049 affects ToaruOS 1.10.10, where an integer wrap in kernel/sys/syscall.c enables mapping arbitrary kernel pages into a userland process via TOARU_SYS_FUNC_MMAP, causing privilege escalation. Multiple sources corroborate the same description, including Red Hat and CVE databases. The v...

7.8 CVSS, 7.6 AI score, 0.00523 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2019/06/29 2:50 p.m., 28 views

CVE-2019-13049

An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges...

7.7 AI score, 0.00523 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2019/06/29 12:0 a.m., 7 views

PT-2019-13096 · Toaruos · Toaruos

Name of the Vulnerable Software and Affected Versions: ToaruOS version 1.10.10
Description: The issue is related to an integer wrap in the kernel/sys/syscall.c file, which allows users to map arbitrary kernel pages into userland process space via the TOARU_SYS_FUNC_MMAP function, leading to...

7.8 CVSS, 7.6 AI score, 0.00523 EPSS
Exploits: 1, References: 3
exploitpack
added 2019/03/19 12:0 a.m., 18 views

Google Chrome M73 - FileSystemOperationRunner Use-After-Free

Google Chrome M73 - FileSystemOperationRunner Use-After-Free There's a comment in FileSystemOperationRunner::BeginOperation OperationID FileSystemOperationRunner::BeginOperation std::uniqueptr operation OperationID id = nextoperationid++; // TODOhttps://crbug.com/864351: Diagnostic to determine...

0.2 AI score
Exploits: 0
Exploit DB
added 2019/03/19 12:0 a.m., 104 views

Google Chrome < M73 - FileSystemOperationRunner Use-After-Free

There's a comment in FileSystemOperationRunner::BeginOperation OperationID FileSystemOperationRunner::BeginOperation std::uniqueptr operation OperationID id = nextoperationid++; // TODOhttps://crbug.com/864351: Diagnostic to determine whether OperationID // wrap-around is occurring in the wild...

7.4 AI score
Exploits: 0
OSV
added 2018/11/14 3:29 p.m., 2 views

CVE-2018-6063

Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page...

8.8 CVSS, 7.4 AI score, 0.0154 EPSS
Exploits: 1, References: 5
OSV
added 2018/11/14 3:29 p.m., 3 views

UBUNTU-CVE-2018-6063

Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page...

8.8 CVSS, 7.3 AI score, 0.0154 EPSS
Exploits: 1, References: 3
OSV
added 2018/11/01 1:29 p.m., 3 views

ALPINE-CVE-2016-2123

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...

8.8 CVSS, 6.7 AI score, 0.06226 EPSS
Exploits: 0, References: 1
NVD
added 2018/11/01 1:29 p.m., 18 views

CVE-2016-2123

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...

8.8 CVSS, 8.2 AI score, 0.06226 EPSS
Exploits: 0, References: 4
Cvelist
added 2018/11/01 1:0 p.m., 20 views

CVE-2016-2123

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...

8.1 CVSS, 8.4 AI score, 0.06226 EPSS
Exploits: 0, References: 4
CVE
added 2018/11/01 1:0 p.m., 167 views

CVE-2016-2123

CVE-2016-2123 affects Samba versions 4.0.0–4.5.2, where the routine ndr_pull_dnsp_name contains an integer wrap/overflow flaw in parsing data from the Samba AD ldb database. An attacker who can write to the dnsRecord attribute over LDAP (default: authenticated LDAP users can do so for new DNS obj...

8.8 CVSS, 8.3 AI score, 0.06226 EPSS
Exploits: 0, References: 4, Affected Software: 1
Prion
added 2018/04/18 2:29 p.m., 20 views

Buffer overflow

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprovcmdverifykey, the variable featurenamelength is not validated. There is a check for featurenamelen + filePathLen but there might be an integer wrap when checking featurenamelen ...

10 CVSS, 8.3 AI score, 0.01354 EPSS
Exploits: 0, References: 2
CNVD
added 2018/02/26 12:0 a.m., 4 views

Progress Sitefinity Information Disclosure Vulnerability

Progress Sitefinity is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity version 9.1, which stems from the fact that the wrap_access_token remains valid and is passed via a GET parameter after a session termination or...

8.8 CVSS, 6.9 AI score, 0.02808 EPSS
Exploits: 1, References: 1
OSV
added 2018/02/12 2:29 p.m., 3 views

CVE-2017-18179

Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1...

8.8 CVSS, 5.8 AI score, 0.02808 EPSS
Exploits: 1, References: 2
OSV
added 2017/09/21 3:29 p.m., 0 views

CVE-2017-10998

In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region. If the buffer length is large enough then the address + length operatio...

7.8 CVSS, 6 AI score
Exploits: 0, References: 2
OSV
added 2017/08/09 6:29 p.m., 9 views

PYSEC-2017-69

Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument...

5.9 CVSS, 5.9 AI score, 0.01352 EPSS
Exploits: 0, References: 4
PyPA
added 2017/08/09 6:29 p.m., 8 views

PYSEC-2017-69

Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument...

5.9 CVSS, 6.8 AI score, 0.01352 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2017/08/09 6:0 p.m., 27 views

CVE-2015-2674

Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument...

5.5 AI score, 0.01352 EPSS
Exploits: 0, References: 3
OSV
added 2017/03/03 4:59 p.m., 1 views

DEBIAN-CVE-2016-7969

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."...

7.5 CVSS, 6.8 AI score, 0.04227 EPSS
Exploits: 0, References: 1