329 matches found
macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issu
/ It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and backboardd on iOS. You can talk to it from the app sandbox on iOS. It uses an IOMIGMachPortCache to translate between...
macOS 10.14.3 iOS 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
macOS 10.14.3 iOS 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem / It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and...
macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
/ It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and backboardd on iOS. You can talk to it from the app sandbox on iOS. It uses an IOMIGMachPortCache to translate between...
Information Disclosure
github.com/opencontainers/runc is vulnerable to information disclosure attacks. These attacks are possible because a run exec command can be ptraced by the pid 1 of the container. Using this, it allows attackers to gain access to the file-descriptors of new processes during initialization. It may...
Ghostscript - Multiple Vulnerabilities
Exploit for linux platform in category local exploits http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested t...
Ghostscript - Multiple Vulnerabilities
Ghostscript - Multiple Vulnerabilities http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested to move discussi...
CVE-2018-8046
The getTip method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip method of Action Column...
CVE-2018-1000523
topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attac...
PYSEC-2018-76
topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attac...
Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine
Summary There is a vulnerability in IBM Java Runtime Environment, Versions 6 and 7 that are used by Rational Publishing Engine. Vulnerability Details CVEID: CVE-2017-3289 DESCRIPTION: Specially crafted bytecode can bypass the required call to super.init in a constructor, which allows uninitialize...
CVE-2018-11545
md4c 0.2.5 has a heap-based buffer overflow in mdmergelines because mdislinklabel mishandles the case of a link label composed solely of backslash escapes...
USN-3527-1 irssi vulnerabilities
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. CVE-2018-5205 Joseph Bisch discovered that...
DEBIAN-CVE-2018-5205
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string...
ALPINE-CVE-2017-0899
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences...
UBUNTU-CVE-2017-0899
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences...
Zerodium Offers $500K for Secure Messaging App Zero Days
Zerodium, a vendor operating in the nebulous exploit acquisition market, has put a premium on zero-day vulnerabilities in secure messaging applications in a new pricing structure announced today. Remote code execution and local privilege elevation zero days in messaging apps such as WhatsApp,...
Microsoft Windows - Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation
Microsoft Windows - Running Object Table Register ROTFLAGSALLOWANYCLIENT Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1112 Windows: Running Object Table Register ROTFLAGSALLOWANYCLIENT EoP Platform: Windows 10 10586/14393 not tested 8.1 Update 2 or Window...
tplmap
This is an offensive tool for web application penetration testing. It is a Python tool called Tplmap, which assists in the exploitation of Code Injection and Server-Side Template Injection SSTI vulnerabilities. The tool uses a number of sandbox escape techniques to gain access to the underlying...
CVE-2016-9962
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...
DEBIAN-CVE-2016-9962
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...