Security Advisories

In der folgenden Liste finden Sie sämtliche von NESO Security Labs identifizierte und veröffentlichte Schwachstellen, die keinem NDA unterliegen.

2013

  • Adobe Reader and Acrobat Integer Overflow Vulnerability (CVE-2013-2727)
  • Mac OS X PDF Ink Annotations Use-After-Free Vulnerability (CVE-2013-0971)

2011

  • Apple iOS OfficeImport Excel Double Free Vulnerability (CVE-2011-3261)
  • Apple iOS OfficeImport Word Document Parsing Memory Corruption Vulnerability
    (CVE-2011-3260)
  • Apple iOS and Mac OS X OfficeImport Word sprmTInsert Record Unitialized Memory Vulnerability (CVE-2011-0208)
  • iPhone App WhatsApp Messenger (Blog)
  • Apple iOS and Mac OS X OfficeImport Excel SHRFMLA Record Memory Corruption Vulnerability (CVE-2011-0184)
  • Apple iOS and Mac OS X OfficeImport Excel USREXCL Record Memory Corruption Vulnerability (CVE-2010-3786)

2010

  • Oracle Solaris Zones RPCSEC_GSS Denial of Service Vulnerability (CVE-2010-2393) Advisory
  • Google Chrome OOB Array Indexing Bug Advisory
  • avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption (CVE-2010-0705) Advisory
  • Apple iPhone OS and Mac OS X CoreAudio Stack Buffer Overflow (CVE-2010-0036) Advisory
  • Oracle Solaris UCODE_GET_VERSION IOCTL Kernel NULL Pointer Dereference (CVE-2010-0453) Advisory

2009

  • Apple iPhone OS AudioCodecs Heap Buffer Overflow (CVE-2009-2206) Advisory
  • libsndfile/Winamp VOC Processing Heap Buffer Overflow (CVE-2009-1788) Advisory
  • xine-lib Quicktime STTS Atom Integer Overflow (CVE-2009-1274) Advisory
  • FFmpeg Type Conversion Vulnerability (CVE-2009-0385) Advisory
  • GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397) Advisory
  • Amarok Integer Overflow and Unchecked Allocation Vulnerabilities (CVE-2009-0135, CVE-2009-0136) Advisory
  • Sun Solaris aio_suspend() Kernel Integer Overflow Vulnerability (CVE-2009-0132) Advisory

2008

  • Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL pointer dereference (CVE-2008-568) Advisory
  • MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability (CVE-2008-5616) Advisory
  • VLC media player RealMedia Processing Integer Overflow Vulnerability (CVE-2008-5276) Advisory
  • VLC media player cue Processing Stack Overflow Vulnerability (CVE-2008-5032) Advisory
  • VLC media player RealText Processing Stack Overflow Vulnerability (CVE-2008-5036) Advisory
  • VLC media player TiVo ty Processing Stack Overflow Vulnerability (CVE-2008-4654) Advisory
  • WebEx Meeting Manager ActiveX Stack Buffer Overflow (CVE-2008-3558) Advisory
  • G DATA AntiVirus/InternetSecurity/TotalCare 2008 GDTdiIcpt.sys Memory Corruption Vulnerability Advisory
  • Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences (CVE-2008-3792) Advisory
  • CA HIPS KmxFw.sys Kernel Memory Corruption (CVE-2008-2926) Advisory
  • Linux Kernel snd_seq_oss_synth_make_info() Information Disclosure Vulnerability (CVE-2008-3272) Advisory
  • Kaspersky kl1.sys Kernel Stack Overflow (CVE-2008-1518) Advisory
  • Sun Solaris SIOCSIPMSFILTER Kernel Integer Overflow (CVE-2008-2710) Advisory
  • avast! 4.7 aavmker4.sys Kernel Memory Corruption (CVE-2008-1625) Advisory
  • Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability (CVE-2008-1471) Advisory

2007

  • Mac OS X TIOCSETD IOCTL Kernel Memory Corruption Vulnerability (CVE-2007-4686) Advisory
  • Apple QuickTime STSD Heap Overflow Vulnerability (CVE-2007-3750) Advisory
  • Mac OS X AppleTalk AIOCSETZNUSAGE IOCTL Kernel Stack Overflow (CVE-2007-4267) Advisory
  • Check Point VPN-1 SecuRemote/SecureClient fw.sys Kernel Driver Memory Corruption Vulnerability Advisory