OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)

It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out...

ALPINE-CVE-2017-15897

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...

UBUNTU-CVE-2017-15897

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...

Slow Restore Performance With Direct SAN Mode

Challenge When performing an Entire VM Restore or Virtual Disk Restore using Direct SAN Restore, the performance may be sub-optimal when the restored Disk Type Setting is set to Thick lazy zeroed. Cause When using Direct SAN to restore a disk with its disk type set to Thick lazy zeroed, overall...

Linux x86 - execve /bin/sh - 21 bytes

No description provided by source. / execve /bin/sh - x86/linux - 21 bytes . zeroed argv / envp [email protected] [email protected] thanks : ivan, milo, oldschool crew / int main char sc = \x6a\x0b // push byte +0xb \x58 // pop eax \x99 // cdq \x52 // push edx...

Linux x86 - execve /bin/sh - 21 bytes

Linux x86 - execve /bin/sh - 21 bytes. Shellcode exploit for linx86 platform / execve /bin/sh - x86/linux - 21 bytes . zeroed argv / envp [email protected] [email protected] thanks : ivan, milo, oldschool crew / int main char sc = "\x6a\x0b" // push byte +0xb "\x58" //...

kernel: agp: zero pages before sending to userspace

The 1 agpgenericallocpage and 2 agpgenericallocpages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading...

kernel: dio: zero struct dio with kzalloc instead of manually

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service OOPS, as demonstrated by a certain fio test...

kernel: dio: zero struct dio with kzalloc instead of manually

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service OOPS, as demonstrated by a certain fio test...