Opera suffers from a foreignObject textNode::removeChild use-after-free vulnerability.
Monthly Archives: December 2016
Android Mitigation Bypass
Because of a design bug in IOMX, the user-supplied sizes in the GET_PARAMETER and SET_PARAMETER calls ar e discarded before calling in to the responsible OMX code-paths. This has led to a variety of overflow-type bugs.
Android android.graphics.Bitmap Inter-Process munmap
Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order to conserve memory, there exists a code path which allows Bitmaps to be shared between processes by providing an ashmem-mapped file descriptor containing the Bitmap’s raw pixel data. The android.graphics.Bitmap class illegally assumes that the size of the ashmem region provided by the user matches the actual underlying size of the Bitmap.
GLSA 201612-02: DavFS2: Local privilege escalation
MS Edge CMarkup::EnsureDeleteCFState Use-After-Free
A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge.
Vuln: Multiple Moxa NPort Products ICSA-16-336-02 Multiple Security Vulnerabilities
Multiple Moxa NPort Products ICSA-16-336-02 Multiple Security Vulnerabilities
Vuln: Google Chrome Prior to 55.0.2883.75 Multiple Security Vulnerabilities
Google Chrome Prior to 55.0.2883.75 Multiple Security Vulnerabilities
Vuln: Siemens SICAM PAS Products CVE-2016-8566 Local Security Bypass Vulnerability
Siemens SICAM PAS Products CVE-2016-8566 Local Security Bypass Vulnerability
Vuln: Siemens SICAM PAS Multiple Security Vulnerabilities
Siemens SICAM PAS Multiple Security Vulnerabilities