Lucene search
K

2027 matches found

Prion
Prion
added 2017/11/22 7:29 p.m.16 views

Privilege escalation

The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free UAF vulnerability. An attacker can trick a user ...

9.3CVSS7.9AI score0.01067EPSS
Exploits0References1Affected Software5
CVE
CVE
added 2017/11/22 7:0 p.m.59 views

CVE-2017-8142

CVE-2017-8142 affects Huawei Mate 9 and Mate 9 Pro devices, where the TEE module driver is vulnerable to a Use-After-Free (UAF). The issue occurs on software versions earlier than MHA-AL00BC00B221 and LON-AL00BC00B221. An attacker can entice a user to install a malicious app that spawns multiple ...

9.3CVSS8AI score0.01067EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/11/22 7:0 p.m.26 views

CVE-2017-8142

The Trusted Execution Environment TEE module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free UAF vulnerability. An attacker tricks a user into installing a malicious application, and...

8AI score0.01067EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/11/22 7:0 p.m.27 views

CVE-2017-8203

The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 has a use after free UAF vulnerability. An attacker can convince a user to install a malicious application which has a high privilege to exploit...

7.8AI score0.01001EPSS
Exploits0References2
CVE
CVE
added 2017/11/22 7:0 p.m.49 views

CVE-2017-8160

The CVE-2017-8160 entry concerns Huawei devices with the Madapt driver. The vulnerability is described as a use-after-free (UAF) in the Madapt driver on specific Huawei smartphone models (pre-versions of several Vicky/Victoria builds). Impact stated: arbitrary code execution if a user is tricked ...

9.3CVSS7.8AI score0.01067EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/11/22 7:0 p.m.53 views

CVE-2017-8203

CVE-2017-8203 concerns a Use-After-Free in the Bastet driver on Huawei Nova 2 and Nova 2 Plus devices. Affected software versions are those earlier than BAC-AL00C00B173 and PIC-AL00C00B173. The vulnerability allows an attacker—via tricking a user into installing a malicious app with high privileg...

7.8CVSS7.8AI score0.01001EPSS
Exploits0References2Affected Software1
Huawei
Huawei
added 2017/09/27 12:0 a.m.19 views

Security Advisory - Use After Free Vulnerability in Bastet Driver of Some Huawei Smart Phones

The Bastet Driver of some Huawei smart phones has a use after free UAF vulnerability. An attacker can convince a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution. Vulnerability ID:...

7.8CVSS7.8AI score0.01001EPSS
Exploits0Affected Software2
Hacker One
Hacker One
added 2017/08/15 4:29 p.m.40 views

Internet Bug Bounty: CVE-2017-12858: Heap UAF in _zip_buffer_free() / Double free in _zip_dirent_read()

libzip is a C library for reading, creating, and modifying zip archives. A partial list of projects using libzip include: Plex Home Theater, MySQL Workbench, ckmame, fuse-zip, lua-zip, php zip extension, zipruby, Endeavour2, FreeDink, DeaDBeeF vfszip plugin, OpenLierox, ebook-tools, PDF Expert,...

7.5CVSS8.9AI score0.03286EPSS
Exploits0
myhack58
myhack58
added 2017/06/28 12:0 a.m.93 views

Analysis Firefox the shared array buffer of the UAF exploit-vulnerability warning-the black bar safety net

This article explores the structured cloning algorithm to handle the shared array buffer occurs when a reference leakage problems. While the lack of overflow checking, can be exploited to execute arbitrary code. Is divided into the following sections: Background, vulnerability, summary We exploit...

0.6AI score
Exploits0
Huawei
Huawei
added 2017/06/15 12:0 a.m.26 views

Security Advisory - Use After Free Vulnerability in TEE Module of Some Huawei Smart Phones

The Trusted Execution Environment TEE module driver of some Huawei smart phones has a use after free UAF vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could trigger...

9.3CVSS8AI score0.01067EPSS
Exploits0Affected Software2
seebug.org
seebug.org
added 2017/06/06 12:0 a.m.20 views

WebKit: Element::setAttributeNodeNS UAF

WebKit: Element::setAttributeNodeNS UAF Here's a snippet of Element::setAttributeNodeNS. ExceptionOr Element::setAttributeNodeNSAttr& attrNode ... setAttributeInternalindex, attrNode.qualifiedName, attrNode.value, NotInSynchronizationOfLazyAttribute; attrNode.attachToElementthis;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/30 12:0 a.m.49 views

Microsoft MsMpEng - Use-After-Free via Saved Callers

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1259 In JsRuntimeState::setCaller, it saves the current caller in the JsRuntimeState objectrcx+158h in 64-bit. But the garbage collector doesn't mark this saved value. So it results in a UAF. Unlike in our test environmentLinux, it...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/05/30 12:0 a.m.16 views

Microsoft MsMpEng - Use-After-Free via Saved Callers

Microsoft MsMpEng - Use-After-Free via Saved Callers Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1259 In JsRuntimeState::setCaller, it saves the current caller in the JsRuntimeState objectrcx+158h in 64-bit. But the garbage collector doesn't mark this saved value. So it...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2017/05/27 12:0 a.m.67 views

Apple iOS / MacOS Domain Socket Kernel Use-After-Free(CVE-2017-2501)

iOS/MacOS kernel uaf due to bad locking in unix domain socket file descriptor externalization unpexternalize is responsible for externalizing the file descriptors carried within a unix domain socket message. That means allocating new fd table entries in the receiver and recreating a file which...

7.6CVSS8.3AI score0.04189EPSS
Exploits3
seebug.org
seebug.org
added 2017/05/26 12:0 a.m.39 views

WebKit: UXSS via Editor::Command::execute(CVE-2017-2504)

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that improperly...

4.3CVSS6.7AI score0.03347EPSS
Exploits4
Packet Storm
Packet Storm
added 2017/05/25 12:0 a.m.74 views

WebKit Editor::Command::execute Universal Cross Site Scripting

WebKit: UXSS via Editor::Command::execute CVE-2017-2504 Here's a snippet of Editor::Command::execute used to handle |document.execCommand|. bool Editor::Command::executeconst String& parameter, Event triggeringEvent const if !isEnabledtriggeringEvent // Let certain commands be executed when...

6.9AI score0.03347EPSS
Exploits4
exploitpack
exploitpack
added 2017/05/25 12:0 a.m.28 views

Apple WebKit Safari 10.0.3(12602.4.8) - Editor::Command::execute Universal Cross-Site Scripting

Apple WebKit Safari 10.0.312602.4.8 - Editor::Command::execute Universal Cross-Site Scripting document-updateLayoutIgnorePendingStylesheets; return mcommand-executemframe, triggeringEvent, msource, parameter; This method is invoked under an |EventQueueScope|. But...

6.7AI score
Exploits0
0day.today
0day.today
added 2017/05/23 12:0 a.m.65 views

Apple iOS / macOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor E

Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1123 unpexternalize is responsible for externalizing the file descriptors carried within a unix domain socket message. That means allocating new fd table entries in the receiver...

7.6CVSS8.4AI score0.04189EPSS
Exploits3
myhack58
myhack58
added 2017/05/08 12:0 a.m.74 views

MS16-145: Edge browser the TypedArray. sort UAF vulnerability analysis-vulnerability warning-the black bar safety net

In this article, we will provide the reader detailed analysis of how to use the MS Edge browser in the UAF vulnerability to remote code execution. This article will provide readers in-depth analysis of the impact of MS Edge CVE-2016-7288 UAF vulnerability root causes, and how to reliably trigger...

7.6CVSS0.70354EPSS
Exploits2
seebug.org
seebug.org
added 2017/04/17 12:0 a.m.62 views

XNU kernel UaF due to lack of locking in set_dp_control_port (CVE-2016-7644)

setdpcontrolport is a MIG method on the hostprivport so this bug is a root-kernel escalation. kernreturnt setdpcontrolport hostprivt hostpriv, ipcportt controlport if hostpriv == HOSTPRIVNULL return KERNINVALIDHOST; if IPVALIDdynamicpagercontrolport ipcportreleasesenddynamicpagercontrolport;...

9.3CVSS7.7AI score0.0676EPSS
Exploits7
Rows per page
Query Builder