2542 matches found
CVE-2015-9067
In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset is addressed...
Code injection
In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset is addressed...
CVE-2015-9067
CVE-2015-9067 concerns Qualcomm products with Android CAF builds using the Linux kernel. The description indicates a potential compiler optimization of memset() that is addressed in these releases. The connected documents do not provide concrete technical details such as affected versions, exact ...
CVE-2015-9067
In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset is addressed...
Microsoft Edge 40.15063.0.0 Chakra - Incorrect JIT Optimization with TypedArray Setter #3 Exploit
Exploit for windows platform in category dos / poc 'use strict'; function funca, b, c a0 = 1.2; b0 = c; a1 = 2.2; a0 = 2.3023e-320; function main let a = 1.1, 2.2; let b = new Uint32Array100; for let i = 0; i a0 = ; return 0; ; a0.toString; main; // Tested on Microsoft Edge 40.15063.0.0Insider...
Microsoft Edge Chakra Incorrect Jit Optimization Exploit
Yet another finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient. Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter 3 CVE-2017-8601 Coincidentally, Microsoft released the patch for the issue 1290 the d...
Microsoft Edge Chakra Incorrect Jit Optimization
Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter 3 CVE-2017-8601 Coincidentally, Microsoft released the patch for the issue 1290 the day after I reported it. But it seems they fixed it incorrectly again. This time, "funca, b, i;" is replaced with "funca, b, ;". PoC: 'use...
Microsoft Edge 40.15063.0.0 Chakra - Incorrect JIT Optimization with TypedArray Setter #3
'use strict'; function funca, b, c a0 = 1.2; b0 = c; a1 = 2.2; a0 = 2.3023e-320; function main let a = 1.1, 2.2; let b = new Uint32Array100; for let i = 0; i a0 = ; return 0; ; a0.toString; main; // Tested on Microsoft Edge 40.15063.0.0Insider Preview...
Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter #3(CVE-2017-8601)
Coincidentally, Microsoft released the patch for the issue 1290 the day after I reported it. But it seems they fixed it incorrectly again. This time, "funca, b, i;" is replaced with "funca, b, ;". PoC: 'use strict'; function funca, b, c a0 = 1.2; b0 = c; a1 = 2.2; a0 = 2.3023e-320; function main...
Microsoft Edge Chakra Incorrect Jit Optimization Exploit
This is a follow-up finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient. Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter 2 CVE-2017-8548 I think the fix for 1045 is incorrect. Here's the original Po...
Microsoft Edge 40.15063.0.0 Chakra - Incorrect JIT Optimization with TypedArray Setter #3
Microsoft Edge 40.15063.0.0 Chakra - Incorrect JIT Optimization with TypedArray Setter 3 'use strict'; function funca, b, c a0 = 1.2; b0 = c; a1 = 2.2; a0 = 2.3023e-320; function main let a = 1.1, 2.2; let b = new Uint32Array100; for let i = 0; i a0 = ; return 0; ; a0.toString; main; // Tested on...
Microsoft Edge Chakra - Incorrect JIT Optimization with TypedArray Setter #2
a0 = ; return 0; ; a0.toString; main; I just changed "var b = new Uint32Array100;" to "var b = new Uint32Array0;", and it worked well. PoC: -- 'use strict'; function funca, b, c a0 = 1.2; b0 = c; a1 = 2.2; a0 = 2.3023e-320; function main var a = 1.1, 2.2; var b = new Uint32Array0; // 0 // force t...
Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter #2(CVE-2017-8548)
I think the fix for 1045 is incorrect. Here's the original PoC. 'use strict'; function funca, b, c a0 = 1.2; b0 = c; a1 = 2.2; a0 = 2.3023e-320; function main var a = 1.1, 2.2; var b = new Uint32Array100; // force to optimize for var i = 0; i a0 = ; return 0; ; a0.toString; main; I just changed...
Microsoft Edge Chakra - Incorrect JIT Optimization with TypedArray Setter #2
Microsoft Edge Chakra - Incorrect JIT Optimization with TypedArray Setter 2 a0 = ; return 0; ; a0.toString; main; I just changed "var b = new Uint32Array100;" to "var b = new Uint32Array0;", and it worked well. PoC: -- 'use strict'; function funca, b, c a0 = 1.2; b0 = c; a1 = 2.2; a0 = 2.3023e-32...
Microsoft Edge Chakra Incorrect Jit Optimization
Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter 2 CVE-2017-8548 I think the fix for 1045 is incorrect. Here's the original PoC. 'use strict'; function funca, b, c a0 = 1.2; b0 = c; a1 = 2.2; a0 = 2.3023e-320; function main var a = 1.1, 2.2; var b = new Uint32Array100; //...
rustgo: calling Rust from Go with near-zero overhead
русский Go has good support for calling into assembly, and a lot of the fast cryptographic code in the stdlib is carefully optimized assembly, bringing speedups of over 20 times. However, writing assembly code is hard, reviewing it is possibly harder, and cryptography is unforgiving. Wouldn't it ...
[SECURITY] Fedora 26 Update: varnish-5.1.3-2.fc26
This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don=EF=BF=BD=EF=BF =BD=EF=BF=BDt have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a...
Qemu: i386: leakage of stack memory to guest in kvmvapic.c
An information-exposure flaw was found in Quick Emulator QEMU in Task Priority Register TPR optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory...
Cross-site Scripting (XSS)
Concrete5 is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary web script because the library does not sanitize it's parameters before rendering them for display. The following fields are affected: bannedword in...
How To Define Page File Size and Placement in Citrix App Layering 4.x
To provide Citrix customers and users a process to define page file size and location when using Citrix App Layering...