[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 10958 Download | Alert*

The Direct Rendering Manager subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager objects, which allows context-dependent attackers to cause a denial of service via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.

The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.

The host is installed with libevent in RHEL 6 or 7 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle an excessively long input. Successful exploitation could allow attackers to crash the service.

The host is installed with IBM Tivoli Directory Server (TDS) 6.1 before 6.1.0.47 or 6.2 before 6.2.0.22 or 6.3 before 6.3.0.11 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle a malformed LDAP paged search request. Successful exploitation allows remote attackers to cause the application to crash.

The host is installed with IBM Lotus Domino 8.5.x through 8.5.3 and is prone to open redirect vulnerability. A flaw is present in the application, which fails to properly handle the Web server component. Successful exploitation allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

The host is installed with IBM Tivoli Directory Server 6.2 before 6.2.0.3-TIV-ITDS-IF0004 and is prone to a security bypass vulnerability. A flaw is present in the Web Administration Tool, which fails to prevent auto completion of passwords in IDSWebApp login page. Successful exploitation could allow an attacker to bypass security and obtain access to an unattended workstation.

An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.

In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.

The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "*from *code *flags" lines in a debugfs file.

The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.


Pages:      Start    1081    1082    1083    1084    1085    1086    1087    1088    1089    1090    1091    1092    1093    1094    ..   1095

© SecPod Technologies