google security research vulnerabilities and exploits

10
HIGH
CVE-2014-8817

coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_di...

7.2
HIGH
CVE-2015-6305

Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstra...

10
HIGH
CVE-2014-0568

The NtSetInformationFile system call hook feature in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via an NTFS junction attac...

10
HIGH
CVE-2014-1373

Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.

10
HIGH
CVE-2014-1377

Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application.

10
HIGH
CVE-2014-1379

Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application.

10
HIGH
CVE-2014-1376

Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.

7.2
HIGH
CVE-2015-7358

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and...

CiphershedCiphershedTruecryptTruecryptVeracryptVeracrypt
4.3
MEDIUM
CVE-2016-4077

epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.

6.9
MEDIUM
CVE-2014-3183

Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that spec...