CVE-2022-4906

Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVE-2023-2163

Incorrect verifier pruning in BPF in Linux Kernel =5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape...

Important: kernel

Issue Overview: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are...

Omron CP1L-EL20DR-D Memory Arbitrary Read/Write (CVE-2023-22357)

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the...

CVE-2023-32233

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled...

PT-2023-4146 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 112.0.5615.49 Description: The issue is related to inadequate access control in the Sandbox component of Google Chrome, which can be exploited by a remote attacker to gain unauthorized access to sensitive...

System Mechanic v15.5.0.61 - Arbitrary Read/Write Exploit

/ Exploit Title: System Mechanic v15.5.0.61 - Arbitrary Read/Write Exploit Author: Brandon Marshall Vendor Homepage: https://www.iolo.com/ Tested Version - System Mechanic version 15.5.0.61 Driver Version - 5.4.11 - amp.sys Tested on OS - 64 bit Windows 10 18362 Fixed Version - System Mechanic...

System Mechanic v15.5.0.61 - Arbitrary Read/Write

/ Exploit Title: System Mechanic v15.5.0.61 - Arbitrary Read/Write Date: 26-09-2022 Exploit Author: Brandon Marshall Vendor Homepage: https://www.iolo.com/ Tested Version - System Mechanic version 15.5.0.61 Driver Version - 5.4.11 - amp.sys Tested on OS - 64 bit Windows 10 18362 Fixed Version -...

Fortinet Fortigate Arbitrary read/write vulnerability in administrative interface (FG-IR-22-391)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-391 advisory. - A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and...

SUSE CVE-2016-5198

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page...

SUSE CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...

PT-2022-7264 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.1 watchOS versions prior to 9.2 iOS versions prior to 16.2 iPadOS versions prior to 16.2 tvOS versions prior to 16.2 Description: The issue is related to a bug in the kernel component that can bypass "pointer...

CVE-2022-26765

A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...

Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in...

GHSA-7CV3-GVMC-8MQ5 Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in...

jenkins: FilePath#unzip and FilePath#untar were not subject to any access control

An incorrect access control vulnerability was found in Jenkins. The FilePathunzip and FilePathuntar were not subjected to any access control. An attacker with access to FilePathunzip or FilePathuntar operations is able to read and write arbitrary files on the Jenkins controller file system...

CVE-2021-30769

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication...

CVE-2021-28637

Acrobat Reader DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier and 2017.011.30197 and earlier are affected by an out-of-bounds read vulnerability. An unauthenticated attacker could leverage this vulnerability achieve arbitrary read / write system information in the context of t...

PT-2021-7877 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 92.0.4515.107 Description: The issue is related to a use after free in Blink, allowing a remote attacker who has compromised the renderer process to perform arbitrary read/write via a crafted HTML page. This ca...

CVE-2021-28637

Acrobat Reader DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier and 2017.011.30197 and earlier are affected by an out-of-bounds read vulnerability. An unauthenticated attacker could leverage this vulnerability achieve arbitrary read / write system information in the context of t...