651 matches found
CVE-2019-13049
An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges...
CVE-2019-13049
CVE-2019-13049 affects ToaruOS 1.10.10, where an integer wrap in kernel/sys/syscall.c enables mapping arbitrary kernel pages into a userland process via TOARU_SYS_FUNC_MMAP, causing privilege escalation. Multiple sources corroborate the same description, including Red Hat and CVE databases. The v...
PT-2019-13096 · Toaruos · Toaruos
Name of the Vulnerable Software and Affected Versions: ToaruOS version 1.10.10. Description: The issue is related to an integer wrap in the kernel/sys/syscall.c file, which allows users to map arbitrary kernel pages into userland process space via the TOARU_SYS_FUNC_MMAP function, leading to...
Google Chrome M73 - FileSystemOperationRunner Use-After-Free
There's a comment in FileSystemOperationRunner::BeginOperation: OperationID FileSystemOperationRunner::BeginOperation(std::unique_ptr<FileSystemOperation> operation) { OperationID id = next_operation_id_++; // TODO(https://crbug.com/864351): Diagnostic to determine...
Google Chrome < M73 - FileSystemOperationRunner Use-After-Free
There's a comment in FileSystemOperationRunner::BeginOperation: OperationID FileSystemOperationRunner::BeginOperation(std::unique_ptr<FileSystemOperation> operation) { OperationID id = next_operation_id_++; // TODO(https://crbug.com/864351): Diagnostic to determine whether OperationID // wrap-around is occurring in the wild...
CVE-2018-6063
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page...
UBUNTU-CVE-2018-6063
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page...
ALPINE-CVE-2016-2123
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...
CVE-2016-2123
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...
CVE-2016-2123
CVE-2016-2123 affects Samba versions 4.0.0–4.5.2, where the routine ndr_pull_dnsp_name contains an integer wrap/overflow flaw in parsing data from the Samba AD ldb database. An attacker who can write to the dnsRecord attribute over LDAP (default: authenticated LDAP users can do so for new DNS obj...
Buffer overflow
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprovcmdverifykey, the variable featurenamelength is not validated. There is a check for featurenamelen + filePathLen but there might be an integer wrap when checking featurenamelen ...
Progress Sitefinity Information Disclosure Vulnerability
Progress Sitefinity is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity version 9.1, which stems from the fact that the wrap_access_token remains valid and is passed via a GET parameter after a session termination or...
CVE-2017-18179
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1...
CVE-2017-10998
In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region. If the buffer length is large enough then the address + length operatio...
PYSEC-2017-69
Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument...
CVE-2015-2674
Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument...
DEBIAN-CVE-2016-7969
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."...