Lucene search
+L

329 matches found

0day.today
0day.today
added 2019/02/01 12:0 a.m.59 views

macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issu

/ It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and backboardd on iOS. You can talk to it from the app sandbox on iOS. It uses an IOMIGMachPortCache to translate between...

8.6CVSS0.1AI score0.03641EPSS
Exploits2
exploitpack
exploitpack
added 2019/01/31 12:0 a.m.39 views

macOS 10.14.3 iOS 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem

macOS 10.14.3 iOS 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem / It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/31 12:0 a.m.77 views

macOS &lt; 10.14.3 / iOS &lt; 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem

/ It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and backboardd on iOS. You can talk to it from the app sandbox on iOS. It uses an IOMIGMachPortCache to translate between...

7.4AI score
Exploits0
Veracode
Veracode
added 2019/01/15 9:15 a.m.30 views

Information Disclosure

github.com/opencontainers/runc is vulnerable to information disclosure attacks. These attacks are possible because a run exec command can be ptraced by the pid 1 of the container. Using this, it allows attackers to gain access to the file-descriptors of new processes during initialization. It may...

6.4CVSS6.4AI score0.00377EPSS
Exploits0References45Affected Software2
0day.today
0day.today
added 2018/08/23 12:0 a.m.35 views

Ghostscript - Multiple Vulnerabilities

Exploit for linux platform in category local exploits http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested t...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2018/08/22 12:0 a.m.27 views

Ghostscript - Multiple Vulnerabilities

Ghostscript - Multiple Vulnerabilities http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested to move discussi...

0.6AI score
Exploits0
Cvelist
Cvelist
added 2018/07/05 8:0 p.m.26 views

CVE-2018-8046

The getTip method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip method of Action Column...

5.9AI score0.67014EPSS
Exploits1References2
OSV
OSV
added 2018/06/26 4:29 p.m.4 views

CVE-2018-1000523

topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attac...

8.1CVSS5.9AI score0.01155EPSS
Exploits0References2
PyPA
PyPA
added 2018/06/26 4:29 p.m.9 views

PYSEC-2018-76

topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attac...

8.1CVSS7.4AI score0.01155EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:21 a.m.42 views

Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine

Summary There is a vulnerability in IBM Java Runtime Environment, Versions 6 and 7 that are used by Rational Publishing Engine. Vulnerability Details CVEID: CVE-2017-3289 DESCRIPTION: Specially crafted bytecode can bypass the required call to super.init in a constructor, which allows uninitialize...

9.6CVSS0.2AI score0.95707EPSS
Exploits13Affected Software1
OSV
OSV
added 2018/05/29 9:29 p.m.22 views

CVE-2018-11545

md4c 0.2.5 has a heap-based buffer overflow in mdmergelines because mdislinklabel mishandles the case of a link label composed solely of backslash escapes...

9.8CVSS9.9AI score
Exploits0References1
OSV
OSV
added 2018/01/10 1:30 p.m.5 views

USN-3527-1 irssi vulnerabilities

Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. CVE-2018-5205 Joseph Bisch discovered that...

9.8CVSS7.4AI score0.02439EPSS
Exploits0References5
OSV
OSV
added 2018/01/06 4:29 p.m.2 views

DEBIAN-CVE-2018-5205

When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string...

7.5CVSS8.2AI score0.02439EPSS
Exploits0References1
OSV
OSV
added 2017/08/31 8:29 p.m.5 views

ALPINE-CVE-2017-0899

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences...

9.8CVSS7.1AI score0.1081EPSS
Exploits1References1
OSV
OSV
added 2017/08/31 12:0 a.m.6 views

UBUNTU-CVE-2017-0899

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences...

9.8CVSS6.8AI score0.1081EPSS
Exploits1References6
ThreatPost
ThreatPost
added 2017/08/23 2:32 p.m.16 views

Zerodium Offers $500K for Secure Messaging App Zero Days

Zerodium, a vendor operating in the nebulous exploit acquisition market, has put a premium on zero-day vulnerabilities in secure messaging applications in a new pricing structure announced today. Remote code execution and local privilege elevation zero days in messaging apps such as WhatsApp,...

0.3AI score
Exploits0References4
exploitpack
exploitpack
added 2017/05/17 12:0 a.m.41 views

Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation

Microsoft Windows - Running Object Table Register ROTFLAGSALLOWANYCLIENT Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1112 Windows: Running Object Table Register ROTFLAGSALLOWANYCLIENT EoP Platform: Windows 10 10586/14393 not tested 8.1 Update 2 or Window...

0.5AI score
Exploits0
Gitee
Gitee
added 2017/04/27 9:9 a.m.6 views

tplmap

This is an offensive tool for web application penetration testing. It is a Python tool called Tplmap, which assists in the exploitation of Code Injection and Server-Side Template Injection SSTI vulnerabilities. The tool uses a number of sandbox escape techniques to gain access to the underlying...

8.4AI score
Exploits0
NVD
NVD
added 2017/01/31 10:59 p.m.21 views

CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

6.4CVSS7AI score0.00377EPSS
Exploits0References16
OSV
OSV
added 2017/01/31 10:59 p.m.4 views

DEBIAN-CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

6.4CVSS6.9AI score0.00377EPSS
Exploits0References1
Rows per page
Query Builder