52 matches found
Deno's --deny-write check does not prevent permission bypass
Summary Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtime times on the file stream resource even when the file is opened with read only permission...
Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
Summary It is possible to bypass Deno's read/write permission checks by using ATTACH DATABASE statement. PoC js // poc.js import DatabaseSync from "node:sqlite" const db = new DatabaseSync":memory:"; db.exec"ATTACH DATABASE 'test.db' as test;"; db.exec"CREATE TABLE test.test id INTEGER PRIMARY KE...
Huawei HarmonyOS Memory Write Privilege Bypass Vulnerability
Huawei HarmonyOS is a new distributed operating system developed by Huawei for the Internet of Everything era. It aims to provide a unified operating platform for multiple devices, breaking the device limitations of traditional operating systems and creating a cross-device, cross-platform...
CVE-2025-31172
Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2025-31172
Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is a new distributed operating system developed by Huawei for the Internet of Everything era. It aims to provide a unified operating platform for multiple devices, breaking the device limitations of traditional operating systems and creating a cross-device, cross-platform...
PT-2025-15180 · Huawei · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A memory write permission bypass vulnerability exists in the kernel futex module. Successful exploitation of this issue may affect service confidentiality. Recommendations: At the moment,...
VulnCheck KEV: CVE-2020-9870
A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code...
GHSA-6W8C-6JRG-QWJ2 Radicale regex metacharacters injection in the user name
Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by...
DEBIAN-CVE-2020-0009
In calcvmmayflags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for...
flash-plugin: multiple code execution issues fixed in APSB15-09
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on...
flash-plugin: multiple code execution issues fixed in APSB15-09
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on...