The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper....
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel....
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation...
The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform,...
Mozilla Thunderbird is vulnerable to a denial of service, caused by a type confusion in the implementation of iCal in icaltimezone_get_vtimezone_properties. By persuading a victim to open a specially crafted email, an attacker could exploit this vulnerability to cause the...
Mozilla Thunderbird is vulnerable to a denial of service, caused by a stack-based buffer overflow in the implementation of iCal in icalrecur_add_bydayrules. By persuading a victim to open a specially crafted email, an attacker could exploit this vulnerability to cause the...
A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash....
Mozilla Thunderbird is vulnerable to a denial of service, caused by a heap-based buffer overflow in the implementation of iCal in parser_get_next_char. By persuading a victim to open a specially crafted email, an attacker could exploit this vulnerability to cause the application...
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output....
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or...
Vulmon