8 matches found
Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation
Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as CVE-2023-4211, the shortcoming impacts the following driver versions - Midgard GPU Kernel Driver: All versions from r12p0 - r32p0 Bifrost GPU...
Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021
Google Project Zero called 2021 a "record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, onl...
Exploit for Use After Free in Google Android
CVE-2019-2215 CVE-2019-2215 POC for kernel 3.18 Based on Madd...
The Unsinkable Maddie Stone, Google’s Bug-Hunting Badass
The Project Zero reverse engineer shuts down some of the world's most dangerous exploits—along with antiquated hacker stereotypes...
Android Binder Use-After-Free
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Android Binder Use-After-Free Exploit", 'Description' = %q , 'License' = MSFLICENSE, 'Author' = 'Jann Horn', discovery and exploit 'Maddie Stone'...
CVE-2017-1274
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749. Recent assessments: gwillcox-r7 at November 22, 2020 3:09am UTC reported: Reported...
CVE-2016-7892
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution. Recent assessments: gwillcox-r7 at November 22, 2020 3:24am UTC reported: Reported ...
CVE-2015-4902
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. Recent assessments: gwillcox-r7 at November 23, 2020 6:18pm UTC reported: Reported as exploited in the wild as part of Google’s 2020 0day...