4326 matches found

0day.today
added 2018/10/22 12:0 a.m. | 28 views

Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking Exploit

Exploit for macOS platform in category dos / poc / This PoC file might look familiar; this bug is a trivial variant of CVE-2016-1744 Apple bug id 635599405. That report showed the bug in the unmapusermemory external methods; a variant also exists in the mapusermemory external methods. The intel...

AI score 7 | EPSS 0.04157
Exploits 4

Exploit DB
added 2018/10/22 12:0 a.m. | 32 views

Audacity 2.3 - Denial of Service (PoC)

Exploit Title: AudaCity 2.3 - Denial of Service PoC Author: Kağan Çapar Discovery Date: 2018-10-19 Software Link: https://www.fosshub.com/Audacity.html Vendor Homepage : https://www.audacityteam.org Tested Version: 2.3 Tested on OS: Windows 10 x64/86 Normal use CPU & Windows 7 High CPU usage &...

AI score 7.4
Exploits 0

Exploit DB
added 2018/10/22 12:0 a.m. | 42 views

Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking

/ This PoC file might look familiar; this bug is a trivial variant of CVE-2016-1744 Apple bug id 635599405. That report showed the bug in the unmapusermemory external methods; a variant also exists in the mapusermemory external methods. The intel graphics drivers have their own hash table type...

CVSS 9.3 | AI score 6.4 | EPSS 0.04157
Exploits 4

exploitpack
added 2018/10/22 12:0 a.m. | 29 views

Apple Intel GPU Driver - Use-After-FreeDouble-Delete due to bad Locking

Apple Intel GPU Driver - Use-After-FreeDouble-Delete due to bad Locking / This PoC file might look familiar; this bug is a trivial variant of CVE-2016-1744 Apple bug id 635599405. That report showed the bug in the unmapusermemory external methods; a variant also exists in the mapusermemory extern...

CVSS 9.3 | AI score 6.4 | EPSS 0.04157
Exploits 4

Packet Storm
added 2018/10/22 12:0 a.m. | 25 views

AudaCity 2.3 Denial Of Service

Exploit Title: AudaCity 2.3 - Denial of Service PoC Author: Kagan Capar Discovery Date: 2018-10-19 Software Link: https://www.fosshub.com/Audacity.html Vendor Homepage : https://www.audacityteam.org Tested Version: 2.3 Tested on OS: Windows 10 x64/86 Normal use CPU & Windows 7 High CPU usage &...

AI score 0.1
Exploits 0

OSV
added 2018/10/02 7:29 p.m. | 4 views

CVE-2018-9476

In avrcparsbrowsingcmd of avrcparstg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Version...

CVSS 9.8 | AI score 5.9 | EPSS 0.02478
Exploits 0 | References 3

NVD
added 2018/10/02 7:29 p.m. | 20 views

CVE-2018-9476

In avrcparsbrowsingcmd of avrcparstg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Version...

CVSS 10 | AI score 9 | EPSS 0.02478
Exploits 0 | References 3

Prion
added 2018/10/02 7:29 p.m. | 13 views

Design/Logic Flaw

In avrcparsbrowsingcmd of avrcparstg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Version...

CVSS 10 | AI score 8.8 | EPSS 0.02478
Exploits 0 | References 3 | Affected Software 1

Prion
added 2018/10/02 7:29 p.m. | 14 views

Memory corruption

In sdcardfscreate and sdcardfsmkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kerne...

CVSS 7.2 | AI score 7.7 | EPSS 0.00712
Exploits 2 | References 3

android
added 2018/10/01 12:0 a.m. | 29 views

CVE-2018-9476

In avrcparsbrowsingcmd of avrcparstg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Version...

CVSS 10 | AI score 7.2 | EPSS 0.02478
Exploits 0 | References 4 | Affected Software 1

Oracle linux
added 2018/09/26 12:0 a.m. | 88 views

kernel security and bug fix update

3.10.0-862.14.4.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-862.14.4 - scsi Revert: lpfc: Fix port initialization failure Radomir Vrbovsky...

CVSS 7.8 | AI score 7.8 | EPSS 0.7354
Exploits 6

NVD
added 2018/09/14 9:29 p.m. | 21 views

CVE-2018-16242

oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy BLE to replay ciphertext based on a predictable nonce used in the locking protocol...

CVSS 5.3 | AI score 5.3 | EPSS 0.00678
Exploits 2 | References 1

Prion
added 2018/09/14 9:29 p.m. | 21 views

Design/Logic Flaw

oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy BLE to replay ciphertext based on a predictable nonce used in the locking protocol...

CVSS 2.9 | AI score 5.3 | EPSS 0.00678
Exploits 2 | References 1 | Affected Software 1

OSV
added 2018/09/06 2:29 p.m. | 1 views

UBUNTU-CVE-2018-14624

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in logerroremergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd t...

CVSS 7.5 | AI score 7.1 | EPSS 0.02451
Exploits 1 | References 2

RedHat Linux
added 2018/08/16 2:24 p.m. | 4 views

mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Locking. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol...

CVSS 4.4 | AI score 7.1 | EPSS 0.03592
Exploits 0 | References 5

UbuntuCve
added 2018/07/03 12:0 a.m. | 32 views

CVE-2018-9415

In driveroverridestore and driveroverrideshow of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel...

CVSS 7.8 | AI score 7.3 | EPSS 0.00254
Exploits 0 | References 8

OSV
added 2018/07/03 12:0 a.m. | 2 views

UBUNTU-CVE-2018-9415

In driveroverridestore and driveroverrideshow of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel...

CVSS 7.8 | AI score 7.3 | EPSS 0.00254
Exploits 0 | References 9

RedHat Linux
added 2018/06/19 4:58 a.m. | 6 views

kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access

It was found that AIO interface didn't use the proper rw_verify_area() helper function with extended functionality, for example, mandatory locking on the file. Also rw_verify_area() makes extended checks, for example, that the size of the access doesn't cause overflow of the provided offset limits. This...

CVSS 7.8 | AI score 7.2 | EPSS 0.00354
Exploits 0 | References 4

CNVD
added 2018/06/19 12:0 a.m. | 3 views

Symantec Norton App Lock Access Gain Vulnerability

Symantec Norton App Lock is a suite of applications from Symantec USA that provide security features for mobile devices. A security vulnerability exists in Symantec Norton App Lock. An attacker could exploit the vulnerability to gain access to a device by bypassing the application and preventing...

CVSS 7.2 | AI score 6.5 | EPSS 0.00392
Exploits 0 | References 1

Exploit DB
added 2018/06/06 12:0 a.m. | 38 views

Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver

/ nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService. It calls taskdeallocate without locking. Two threads can race calling this external method to drop two task references when only one is held. Note that the repro forks a child which give the nvAccelerator a...

AI score 7.4
Exploits 0