4172 matches found
CVE-2018-20406
Modules/pickle.c in Python before 3.7.1 has an integer overflow via a large LONGBINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of...
GitLab: information disclosure of secret_key_base via encoding characters
@pareshparmar discovered an error page that was disclosing the value of the secret_key_base key of customers.gitlab.com to unauthenticated users, which would have allowed an attacker to arbitrarily decrypt signed cookies. So I was fuzzing one parameter with different types of encodings. And one...
CVE-2018-9522
In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not...
CVE-2018-6067
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2018-6067
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Design/Logic Flaw
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2018-6067
CVE-2018-6067 is a vulnerability in Google Chrome/Chromium where the Skia library contains a buffer/heap overflow issue. Affected component: Skia inside Chrome/Chromium prior to version 65.0.3325.146. Root cause: unspecified in the provided documents beyond “buffer overflow in the Skia library.” ...
kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service
A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions...
systemd - reexec State Injection Exploit
Exploit for linux platform in category dos / poc / I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#security-vulnerability-reports . When systemd re-executes e.g. during a package upgrade,...
Linux systemd Line Splitting
systemd: reexec state injection: fgets on overlong lines leads to line splitting CVE-2018-15686 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#security-vulnerability-reports . When system...
Linux systemd Line Splitting Exploit
Linux has an issue with systemd where overlong input to fgets during reexec state injection can lead to line splitting. systemd: reexec state injection: fgets on overlong lines leads to line splitting CVE-2018-15686 I am sending this bug report to Ubuntu, even though it's an upstream bug, as...
CVE-2018-18628
Pippo 1.11.0 is affected by CVE-2018-18628. The issue arises in SerializationSessionDataTranscoder.decode(), which calls ObjectInputStream.readObject() to deserialize a SessionData object without verifying object types. An attacker can craft a malicious object, base64-encode it, and place it in t...
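The Pippo entry above (and the Akka entry that follows) describes the same bug class: a cookie or wire payload handed straight to ObjectInputStream.readObject(), so any class on the classpath is instantiated before the receiving code ever sees the result. The following is an added example, not Pippo's or Akka's own code; the SessionData class, the cookie format and the method names are constructed stand-ins. It places the vulnerable decode beside a hardened one that rejects every class outside an explicit allow-list before it is resolved, which is the check a session transcoder needs.

```java
import java.io.*;
import java.util.Base64;
import java.util.Set;

// Constructed stand-in for the session object; not Pippo's SessionData.
final class SessionData implements Serializable {
    private static final long serialVersionUID = 1L;
    final String userId;
    SessionData(String userId) { this.userId = userId; }
}

public class SessionTranscoderDemo {

    // Vulnerable shape: whatever the cookie contains is deserialized in full.
    // Gadget chains in foreign classes execute inside readObject(), long before
    // the cast to SessionData has a chance to fail.
    static SessionData decodeUnsafe(String cookie) throws IOException, ClassNotFoundException {
        byte[] raw = Base64.getDecoder().decode(cookie);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            return (SessionData) in.readObject();
        }
    }

    // Hardened shape: only the classes a session legitimately contains may be resolved.
    private static final Set<String> ALLOWED = Set.of(SessionData.class.getName());

    static SessionData decodeSafe(String cookie) throws IOException, ClassNotFoundException {
        byte[] raw = Base64.getDecoder().decode(cookie);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw)) {
            // resolveClass runs for each class descriptor in the stream, before
            // any instance of that class is created, so this is the right choke point.
            @Override
            protected Class<?> resolveClass(ObjectStreamClass desc)
                    throws IOException, ClassNotFoundException {
                if (!ALLOWED.contains(desc.getName())) {
                    throw new InvalidClassException("Rejected class in session cookie", desc.getName());
                }
                return super.resolveClass(desc);
            }
        }) {
            return (SessionData) in.readObject();
        }
    }

    // Helper that produces the cookie value as the server would (constructed for the demo).
    static String encode(Serializable obj) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(obj);
        }
        return Base64.getEncoder().encodeToString(buf.toByteArray());
    }

    public static void main(String[] args) throws Exception {
        String good = encode(new SessionData("alice"));
        System.out.println("safe decode of real session: " + decodeSafe(good).userId);

        // Stand-in for an attacker-crafted payload: any serializable class outside the allow-list.
        String hostile = encode(new java.util.ArrayList<>(java.util.List.of("gadget")));
        try {
            decodeSafe(hostile);
        } catch (InvalidClassException e) {
            System.out.println("safe decode rejected class: " + e.classname);
        }
        // The unsafe path materializes the whole foreign object graph and only fails at the cast.
        try {
            decodeUnsafe(hostile);
        } catch (ClassCastException e) {
            System.out.println("unsafe decode deserialized the foreign object before the cast failed");
        }
    }
}
```

Compile and run with `javac SessionTranscoderDemo.java && java SessionTranscoderDemo` (Java 9 or later for Set.of/List.of). On Java 9+ the same allow-list can be expressed with `in.setObjectInputFilter(ObjectInputFilter.Config.createFilter("SessionData;!*"))` instead of overriding resolveClass; either way the rule is that the deny decision must be made per class descriptor, not after readObject() returns, and the allow-list must be closed (no pattern that admits arbitrary classes).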
Akka Java Serialization vulnerability
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a Java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem...