210 matches found
CVE-2021-31426
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
iOS, iPadOS, tvOS, watchOS, and macOS contain a double-free vulnerability in the XNU kernel lio_listio() function
Overview: iOS, iPadOS, tvOS, watchOS, and macOS contain a double-free vulnerability in the XNU kernel's lio_listio() function, which can allow a malicious application to achieve unsandboxed, kernel-level code execution. Description: iOS, iPadOS, tvOS, watchOS, and macOS contain a double-free...
CVE-2019-19494
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21T4, Sagemcom F@...
CVE-2018-6240
NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address...
Design/Logic Flaw
NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address...
CVE-2018-6240
CVE-2018-6240 affects NVIDIA Tegra BootRom. A local attacker with kernel privileges can write an arbitrary value to an arbitrary physical address, enabling escalation of privileges. Connected NVIDIA advisories confirm this vulnerability and map fixes to specific Jetson/Linux-for-Tegra releases: T...
PT-2019-4315 · Cisco +6 · Cisco Epc3928Ad +9
Name of the Vulnerable Software and Affected Versions: Sagemcom F@st 3890 versions prior to 50.10.21 T4; Sagemcom F@st 3890 versions prior to 05.76.6.3f; Sagemcom F@st 3686 version 3.428.0; Sagemcom F@st 3686 version 4.83.0; NETGEAR CG3700EMR version 2.01.05; NETGEAR CG3700EMR version 2.01.03; NETGEAR...
MemGuard - Secure Software Enclave For Storage Of Sensitive Information In Memory
Secure software enclave for storage of sensitive information in memory. This package attempts to reduce the likelihood of sensitive data being exposed. It supports all major operating systems and is written in pure Go. Features: Sensitive data is encrypted and authenticated in memory using xSalsa2...
Apple macOS AMDRadeonX4000_AMDSIGLContext Double Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of sideban...
Oracle Re-Patches Decade-Old Solaris Bug
Oracle has issued three fixes for a critical Solaris vulnerability that could allow kernel-level privilege escalation. Impacted are the Solaris 10 and 11.3 operating environments. Sun Microsystems, now owned by Oracle, originally patched the vulnerability in 2009. But a “re-fix” is now required,...
Firewall and Privatizing Proxy: macOS Fortress
macOS-Fortress is a Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers. It is kernel-level, OS-level, and client-level security for macOS. Built to address a steady stream of attacks visible on snort and server logs, as well as to block ads, malicious...
Security Bulletin: Vulnerability in Linux Kernel affects PowerKVM (CVE-2016-0728)
Summary: A Linux Kernel privilege escalation vulnerability affects PowerKVM. Vulnerability Details: CVEID: CVE-2016-0728 DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the join_session_keyring function in...
Virtualization-based security (VBS) memory enclaves: Data protection through isolation
The escalating sophistication of cyberattacks is marked by the increased use of kernel-level exploits that attempt to run malware with the highest privileges and evade security solutions and software sandboxes. Kernel exploits famously gave the WannaCry and Petya ransomware remote code execution...
Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader
PS4 5.05 Kernel Exploit. Summary: In this project you will find a full implementation of the second "bpf" kernel exploit for the PlayStation 4 on 5.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This exploit also contai...
CVE-2016-9093
A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able t...
CVE-2016-9093
CVE-2016-9093 details (Symantec SEP): Affects the SymEvent Driver shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier. The issue arises from improper sanitization of logged-in user input, allowing a non-admin user who can save and run a crafted executable to access the driver inter...
Huge Flaws Affect Nearly Every Modern Device; Patch Could Hit CPU Performance
UPDATE: Researchers have finally disclosed complete technical details of two kernel side-channel attacks, Meltdown and Spectre—which affect not only Intel but also systems and devices running AMD, ARM processors—allowing attackers to steal sensitive data from the system memory. The first week of...
Google Patches KRACK Vulnerability in Android
Google this week finally addressed the KRACK vulnerability in Android, three weeks after the WPA2 protocol flaw was publicly disclosed. The KRACK patches are the most high-profile fixes in the November Android Security Bulletin, which includes three patch levels; the KRACK patches are in the No...