Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2018-10987)
Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical user interface (GUI). Microsoft Windows suffers from an elevation of privilege vulnerability. The vulnerability arises because the Win32k component fails to properly handle objects in memor...
UBUNTU-CVE-2018-8781
The udl_fb_mmap function in drivers/gpu/drm/udl/udlfb.c in Linux kernel versions 3.4 up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code...
CVE-2016-9093
A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able t...
Memory Corruption Vulnerability in Apple macOS Sierra AppleGraphicsControl
Apple macOS Sierra is a specialized operating system developed by Apple for Mac computers. AppleGraphicsControl is one of the integrated graphics drivers. A security vulnerability exists in the AppleGraphicsControl component of Apple macOS Sierra versions prior to 10.12.6. An attacker can exploit...
PT-2018-18627
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 3.4 through 4.15
Description: The issue allows local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in code execution in kernel space. This is due t...
Microsoft Desktop Bridge Elevation of Privilege Vulnerability
Microsoft Windows 10 and other versions are a series of operating systems released by Microsoft Corporation in the U.S. Desktop Bridge is one of the desktop application converters. An elevation of privilege vulnerability exists in Microsoft Desktop Bridge, which stems from the program's failure to properly manage the...
Microsoft Windows and Macrovision SafeDisc secdrv.sys driver memory misreference vulnerability
Microsoft Windows Vista and others are a series of operating systems released by Microsoft Corporation in the U.S.A. Macrovision SafeDisc, from the U.S.-based company Macrovision, is a suite of copy protection programs for Windows applications and games distributed on CD-ROMs. secdrv.sys is one of the drivers used by...
Sony Playstation 4 (PS4) 4.07 < 4.55 - 'bpf' Local Kernel Code Execution (PoC)
function stage4() { function malloc(sz) { var backing = new Uint8Array(1000+sz); window.nogc.push(backing); var ptr = p.read8(p.leakval(backing).add32(0x10)); ptr.backing = backing; return ptr; } function malloc32(sz) { var backing = new Uint8Array(0x1000+sz*4); window.nogc.push(backing); var ptr =...
macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkCo
Exploit for macOS platform in category dos / poc...
Apple macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1375 AppleIntelCapriController::GetLinkConfig trusts a user-supplied value in the structure input which it uses to index a small table of pointers without bounds checking. The OOB-read pointer is passed to...
Linux Kernel DCCP Socket Use-After-Free
This is an announcement for CVE-2017-8824 which is a use-after-free vulnerability I found in Linux DCCP socket. It can be used to gain kernel code execution from unprivileged processes. You'll find in attachment the proof of concept code and the kernel panic log.
BUG DETAILS When a socket sock...
Linux Kernel - DCCP Socket Use-After-Free Exploit
Exploit for linux platform in category dos / poc. This is an announcement for CVE-2017-8824 which is a use-after-free vulnerability I found in Linux DCCP socket. It can be used to gain kernel code execution from unprivileged processes. You'll find in attachment the proof of concept code and the...
Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
Posted by Gal Beniamini, Project Zero In this blog post we’ll complete our goal of achieving remote kernel code execution on the iPhone 7, by means of Wi-Fi communication alone. After developing a Wi-Fi firmware exploit in the previous blog post, we are left with the task of using our newly...
CVE-2017-14344
The CVE-2017-14344 entry affects Jungo WinDriver's windrvr1240 kernel driver (likely
kernel: stack buffer overflow in the native Bluetooth stack
A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y), which is enabled on all architectures other tha...
Multiple Apple Products IOUSBFamily Memory Corruption Vulnerability
Apple macOS Sierra, iOS, tvOS, and watchOS are products of Apple Inc. Apple macOS Sierra is a specialized operating system developed for Mac computers. iOS is an operating system developed for mobile devices. tvOS is a smart TV operating system. watchOS is a smart watch operating system. watchOS ...
CVE-2017-6249
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A...
Microsoft Windows Graphics elevation of privilege vulnerability (CNVD-2017-16000)
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Graphics is one of the graphics driver components. An elevation of privilege vulnerability exists in Graphics in Microsoft Windows, which stems from a failure of the Graphics component to properly...
Microsoft Windows Graphics Component Elevation of Privilege Vulnerability (CNVD-2017-18941)
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Graphics is one of the graphics driver components. An elevation of privilege vulnerability exists in Graphics in Microsoft Windows, which stems from a failure of the Graphics component to properly...