Lucene search
K

2027 matches found

Tenable Nessus
Tenable Nessus
added 2018/08/16 12:0 a.m.43 views

Scientific Linux Security Update : kernel on SL7.x x86_64 (20180814) (Foreshadow)

Security Fixes : - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented...

7.8CVSS7.1AI score0.7354EPSS
Exploits0References8
Veracode
Veracode
added 2018/06/29 4:27 a.m.19 views

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This is due to a Use-After-Free UAF vulnerability in a stack variable which could lead to memory corruption and allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from...

7.5CVSS8.1AI score0.66913EPSS
Exploits6References6Affected Software2
Veracode
Veracode
added 2018/06/28 7:6 a.m.20 views

Remote Code Execution (RCE)

Microsoft ChakraCore is vulnerable to remote code execution. This is due to a Use-After-Free UAF vulnerability in borrowed inline caches which could lead to memory corruption and allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from...

7.5CVSS8AI score0.66913EPSS
Exploits6References4Affected Software2
Veracode
Veracode
added 2018/06/28 7:2 a.m.23 views

Remote Code Execution (RCE)

Microsoft ChakraCore is vulnerable to remote code execution. This is due to a Use-After-Free UAF vulnerability in ServerScriptContext which could lead to memory corruption and allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from...

7.5CVSS8AI score0.67233EPSS
Exploits7References4Affected Software2
CVE
CVE
added 2018/06/19 9:0 p.m.60 views

CVE-2018-12294

CVE-2018-12294 affects WebKitGTK+ (WebKitGTK+ prior to 2.20.2) where WebCore/TextureMapperLayer.cpp (TextureMapperLayer) is vulnerable to a use-after-free of WebCore::TextureMapperLayer. The connected sources consistently describe a WebKitGTK+ memory-use-after-free vulnerability; no vendor/produc...

8.8CVSS8.7AI score0.02457EPSS
Exploits0References6Affected Software1
seebug.org
seebug.org
added 2018/06/08 12:0 a.m.36 views

MacOS kernel UAF due to lack of locking in nvidia GeForce driver(CVE-2018-4230)

nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService. It calls taskdeallocate without locking. Two threads can race calling this external method to drop two task references when only one is held. Note that the repro forks a child which give the nvAccelerator a...

0.4AI score0.04164EPSS
Exploits3
exploitpack
exploitpack
added 2018/06/06 12:0 a.m.21 views

Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver

Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver / nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService. It calls taskdeallocate without locking. Two threads can race calling this external method to drop two task references when on...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/05 12:0 a.m.131 views

WebKit - not_number defineProperties UAF (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebKit notnumber defineProperties UAF', 'Description' = %q This module exploits a UAF vulnerability in WebKit's JavaScriptCore library. , 'Licens...

7.1CVSS7AI score0.33353EPSS
Exploits7
0day.today
0day.today
added 2018/06/04 12:0 a.m.74 views

WebKit not_number defineProperties Use-After-Free Exploit

Exploit for multiple platform in category dos / poc This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebKit notnumber defineProperties UAF', 'Description' = %q This module exploits a UAF...

9.3CVSS0.66788EPSS
Exploits13
Tenable Nessus
Tenable Nessus
added 2018/05/29 12:0 a.m.41 views

EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1132)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ALSA sequencer core initializes the event pool on demand by invoking sndseqpoolinit when the first write happens and the pool is empty. A user c...

7.8CVSS6.6AI score0.01221EPSS
Exploits3References11
Veracode
Veracode
added 2018/05/14 5:37 a.m.21 views

Denial Of Service (DoS) Through Use-After-Free (UAF)

libical.so is vulnerable to denial of service DoS through use-after-free UAF attacks. The vulnerability exists when a use-after-free UAF can be triggered while parsing a malicious ics file, causing the denial of service DoS attack...

9.1CVSS8.6AI score0.02059EPSS
Exploits0References4Affected Software1
0day.today
0day.today
added 2018/04/17 12:0 a.m.169 views

Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation Exploit

Exploit for windows platform in category local exploits include include include include pragma commentlib, "psapi.lib" define POCDEBUG 0 if POCDEBUG == 1 define POCDEBUGBREAK getchar elif POCDEBUG == 2 define POCDEBUGBREAK DebugBreak else define POCDEBUGBREAK endif static PVOIDfastcall...

7.2CVSS0.2AI score0.10034EPSS
Exploits4
Veracode
Veracode
added 2018/04/11 7:52 a.m.11 views

Use-After-Free (UAF)

libical is vulnerable to use-after-free UAF attacks. The vulnerability exists in the fetchlatlongfromstring function of icaltimezone.c due to a heap-based use-after-free UAF issue...

6.6AI score
Exploits0
Metasploit
Metasploit
added 2018/04/03 6:44 a.m.58 views

WebKit not_number defineProperties UAF

This module exploits a UAF vulnerability in WebKit's JavaScriptCore library. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebKit notnumber defineProperties UAF', 'Description' = %q This modu...

8.8CVSS6.1AI score0.66788EPSS
Exploits13
0day.today
0day.today
added 2018/04/03 12:0 a.m.253 views

ModSecurity WAF 3.0 for Nginx - Denial of Service Vulnerability

Exploit for linux platform in category dos / poc / 1. Use-After-Free UAF / During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set 123. In the system logs I found information about the Nginx worker processes being terminated due to memory...

7AI score
Exploits0
exploitpack
exploitpack
added 2018/03/26 12:0 a.m.12 views

Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation

Microsoft Windows Manager 7 x86 - Menu Management Component UAF Privilege Elevation...

3.5AI score
Exploits0
Exploit DB
Exploit DB
added 2018/03/26 12:0 a.m.122 views

Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation

include include include include pragma commentlib, "psapi.lib" define POCDEBUG 0 if POCDEBUG == 1 define POCDEBUGBREAK getchar elif POCDEBUG == 2 define POCDEBUGBREAK DebugBreak else define POCDEBUGBREAK endif static PVOIDfastcall pfnHMValidateHandleHANDLE, BYTE = NULL; static constexpr UINT...

7.8CVSS7.8AI score0.10034EPSS
Exploits4
Packet Storm
Packet Storm
added 2018/03/23 12:0 a.m.53 views

ModSecurity For Nginx Use-After-Free

Hey, TL;DR: UAF in a "non-release" version of ModSecurity for Nginx. !RCE|DoS, no need to panic. Plus some old and even older exploitation vectors. / 1. Use-After-Free UAF / During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set 123. In...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2018/03/23 12:0 a.m.42 views

ModSecurity WAF 3.0 for Nginx - Denial of Service

Use-After-Free UAF During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set 123. In the system logs I found information about the Nginx worker processes being terminated due to memory corruption errors. Through fuzzing and stress testing...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2018/03/01 9:48 a.m.40 views

CVE-2018-7566

ALSA sequencer core initializes the event pool on demand by invoking sndseqpoolinit when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access...

7.8CVSS2.7AI score0.005EPSS
Exploits0References1
Rows per page
Query Builder