Lucene search
K

57 matches found

exploitpack
exploitpack
added 2019/03/01 12:0 a.m.46 views

Google Chrome M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost

Google Chrome M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost There's an object-lifetime issue in the browser process in the handling of P2PSocketDispatcherHost binding in parallel with OnBloatedRenderer event handling. In RenderProcessHostImpl, we have a uniquep...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2019/03/01 12:0 a.m.33 views

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.87 views

Google Chrome < M72 - PaymentRequest Service Use-After-Free

There are several object-lifetime issues in the browser process in the implementation of payments.mojom.PaymentRequest. The PaymentRequest object contains a std::uniqueptr to a PaymentRequestSpec, which is initialised during the call to PaymentRequest::Init...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.78 views

Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost

There's an object-lifetime issue in the browser process in the handling of P2PSocketDispatcherHost binding in parallel with OnBloatedRenderer event handling. In RenderProcessHostImpl, we have a uniqueptr owning a P2PSocketDispatcherHost, which we bind to an interface using base::Unretained in...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/01 12:0 a.m.83 views

Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger this by closing the browser while running the attached poc; I'm not sure if there's a...

7.4AI score
Exploits0
NVD
NVD
added 2019/01/09 7:29 p.m.21 views

CVE-2018-6111

An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page...

8.8CVSS8.3AI score0.02623EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2019/01/09 7:29 p.m.28 views

CVE-2018-6111

An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page...

8.8CVSS7.3AI score0.02623EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/01/09 7:0 p.m.31 views

CVE-2018-6111

An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page...

7.2AI score0.02623EPSS
Exploits0References6
CVE
CVE
added 2019/01/09 7:0 p.m.128 views

CVE-2018-6111

CVE-2018-6111 corresponds to a memory misreference/object lifetime issue in Google Chrome’s DevTools network handler, prior to version 66.0.3359.117. A local attacker could run arbitrary code via a crafted HTML page. Affected: Chrome/Chromium DevTools. Root cause: memory misreference in DevTools ...

8.8CVSS7.1AI score0.02623EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2019/01/09 7:0 p.m.25 views

CVE-2018-6111

Removed by vendor...

8.8CVSS9.3AI score0.02623EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2018/11/26 8:35 a.m.9 views

chromium-browser: Use-after-free in GPU

Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.5AI score0.00895EPSS
Exploits0References5
seebug.org
seebug.org
added 2017/12/15 12:0 a.m.147 views

MacOS/iOS multiple kernel UAFs due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient(CVE-2017-13847)

IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the IOUserClient::clientClose method but it treats it like a destructor. IOUserClient::clientClose is not a destructor and plays no role in the...

7.9AI score0.05028EPSS
Exploits2
Exploit DB
Exploit DB
added 2017/12/12 12:0 a.m.57 views

Apple macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1377 IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the IOUserClient::clientClose method but it treats it like a destructor...

7.4AI score
Exploits0
OSV
OSV
added 2017/02/20 8:59 a.m.5 views

CVE-2016-7613

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a...

7.8CVSS6.1AI score0.01423EPSS
Exploits0References5
Prion
Prion
added 2017/02/20 8:59 a.m.14 views

Code injection

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a...

9.3CVSS6.9AI score0.01423EPSS
Exploits0References5Affected Software4
MSRC
MSRC
added 2013/11/06 8:0 a.m.9 views

Software defense: safe unlinking and reference count hardening

Object lifetime management vulnerabilities represent a very common class of memory safety vulnerability. These vulnerabilities come in many shapes and sizes, and are typically quite difficult to mitigate generically. Vulnerabilities of this type result commonly from incorrect accounting with...

7.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2011/04/12 12:0 a.m.21 views

Internet Explorer Object Lifetime Management Memory Corruption (MS11-018; CVE-2011-1345)

A remote code execution vulnerability has been reported in Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. The...

9.3CVSS7.2AI score0.40875EPSS
Exploits1
Rows per page
Query Builder