1351 matches found
Mozilla: Missing bounds check on shared memory read in the parent process
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. Missing bounds check on shared memory read in the parent process allows an attacker to execute arbitrary code via a buffer overflow exploit...
Escaping the Chrome Sandbox with RIDL
Guest blog post by Stephen Röttger tl;dr: Vulnerabilities that leak cross process memory can be exploited to escape the Chrome sandbox. An attacker is still required to compromise the renderer prior to mounting this attack. To protect against attacks on affected CPUs make sure your microcode is u...
CVE-2020-6183
SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details,...
CVE-2020-6796
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5...
UBUNTU-CVE-2020-6796
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5...
iOS / macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
While investigating possible shared memory issues in AGXCommandQueue::processSegmentKernelCommand, I noticed that the size checks used to parse the IOAccelKernelCommand in IOAccelCommandQueue2::processSegmentKernelCommand are incorrect. The IOAccelKernelCommand contains an 8-byte header consistin...
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand. While investigating possible shared memory issues in AGXCommandQueue::processSegmentKernelCommand, I noticed that the size checks used to parse the IOAccelKernelCommand in...
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
While investigating possible shared memory issues in AGXCommandQueue::processSegmentKernelCommand, I noticed that the size checks used to parse the IOAccelKernelCommand in IOAccelCommandQueue2::processSegmentKernelCommand are incorrect. The IOAccelKernelCommand contains an 8-byte header consistin...
Ubuntu 18.04 LTS : Mesa vulnerability (USN-4271-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4271-1 advisory. Tim Brown discovered that Mesa incorrectly handled shared memory permissions. A local attacker could use this issue to obtain and possibly alter sensitive...
openSUSE: Security Advisory for Mesa (openSUSE-SU-2020:0084_1)
The remote host is missing an update for the...
Kernel: page cache side channel attacks
A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be us...
SUSE SLED12 / SLES12 Security Update : Mesa (SUSE-SU-2020:0145-1)
This update for Mesa fixes the following issues : Security issue fixed : CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability bsc1156015. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
OPENSUSE-SU-2020:0084-1 Security update for Mesa
This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability bsc1156015. This update was imported from the SUSE:SLE-15-SP1:Update update project...
SUSE-SU-2020:0146-1 Security update for Mesa
This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability bsc1156015...