562 matches found
Type confusion
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR 60.2.2 and Firefox 62.0.3...
CVE-2018-12386
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR 60.2.2 and Firefox 62.0.3...
Mozilla: type confusion in JavaScript
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR 60.2.2 and Firefox 62.0.3...
Mozilla: type confusion in JavaScript
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR 60.2.2 and Firefox 62.0.3...
UBUNTU-CVE-2018-12386
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR 60.2.2 and Firefox 62.0.3...
CVE-2018-12386
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR 60.2.2 and Firefox 62.0.3...
Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler
Exploit for linux platform in category dos / poc There is a missing address check in both showopcodes callers. showopcodes is mostly used by the kernel to print the raw instruction bytes surrounding an instruction that generated an unexpected exception; however, sometimes it is also used to print...
Arbitrary Memory Read Vulnerability in Hologic LE5109L PLCs
HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. An arbitrary memory read vulnerability exists in the HELISE LE5109L PLC, which can be exploited to cause the value of any register in the PLC to be read arbitrarily by constructing a specif...
JavaScript Core Arbitrary Code Execution
// Load Int library, thanks saelo! load'util.js'; load'int64.js'; // Helpers to convert from float to in a few random places var conva = new ArrayBuffer8; var convf = new Float64Arrayconva; var convi = new Uint32Arrayconva; var convi8 = new Uint8Arrayconva; var floatarrmagic = new...
Multiple Vulnerabilities in Phusion Passenger SpawningKit
Phusion Passenger is an Apache module from Phusion Netherlands for deploying Ruby on Rails projects on Apache and Nginx web servers.SpawningKit is one of the components. A security vulnerability exists in SpawningKit in version 5.3.x of Phusion Passenger prior to 5.3.2. An attacker can exploit th...
Google Android has an unspecified vulnerability (CNVD-2018-10037)
Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance OHA for short, and Qualcomm MDM9625 and other central processing unit CPU products from Qualcomm are used in different platforms. A security vulnerability exists in the Qualcomm...
CVE-2015-9108
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation performed on calls to a QSEE syscall may lead to arbitrary read/write or NUL...
Null pointer dereference
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation performed on calls to a QSEE syscall may lead to arbitrary read/write or NUL...
CVE-2015-9108
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation performed on calls to a QSEE syscall may lead to arbitrary read/write or NUL...
Ubuntu本地提权漏洞(CVE-2017-16995)
Since commit f1174f77b50c "bpf/verifier: rework value tracking", the eBPF range tracking is security-relevant for the verification of eBPF code provided by unprivileged users. Therefore, any tiny slip-up in the arithmetic range tracking now turns into an arbitrary read+write in the full kernel...
Oracle VirtualBox 5.1.30 5.2-rc1 - Guest to Host Escape
Oracle VirtualBox 5.1.30 5.2-rc1 - Guest to Host Escape SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities Source: https://blogs.securiteam.com/index.php/archives/3649 Vulnerabilities summary The following advisory describes two 2 guest to host escape found in Oracle...
Oracle VirtualBox Guest To Host Escape
SSD Advisory a Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities Source: https://blogs.securiteam.com/index.php/archives/3649 Vulnerabilities summary The following advisory describes two 2 guest to host escape found in Oracle VirtualBox version 5.1.30, and VirtualBox version 5.2-rc1...
Microsoft Edge Chakra CFG Bypass With leafInterpreterFrame Vulnerability
Chakra suffers from a CFG bypass with leafInterpreterFrame. Every JavaScript variable in Chakra except a tagged int is a pointer. From this pointer, using an arbitrary read, it is possible to follow a chain of pointers and end up with a pointer to the native stack. This allows disclosing the stac...
Linux Kernel 4.13 (Ubuntu 17.10) - waitid() SMEPSMAPChrome Sandbox Privilege Escalation
Linux Kernel 4.13 Ubuntu 17.10 - waitid SMEPSMAPChrome Sandbox Privilege Escalation // Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In thi...
Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation
// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...