1363 matches found

CNVD
added 2019/04/28 12:0 a.m., 1 views

Memory Corruption Vulnerability in SKWorkshop

SKWorkshop is a configuration software produced by Shenzhen Xianzhong Technology Co. SKWorkshop suffers from a memory corruption vulnerability when processing shm project files, which can be exploited by attackers to gain control of a user's system or crash the program...

7.2 AI score
Exploits: 0
Packet Storm
added 2019/04/08 12:0 a.m., 4211 views

CARPE (DIEM) Apache 2.4.x Local Privilege Escalation

?php CARPE DIEM: CVE-2019-0211 Apache Root Privilege Escalation Charles Fol @cfreal 2019-04-08 INFOS https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html USAGE 1. Upload exploit to Apache HTTP server 2. Send request to page 3. Await 6:25AM for logrotate to restart Apache 4...

0.5 AI score, 0.65005 EPSS
Exploits: 8
GoogleProjectZero
added 2019/04/01 12:0 a.m., 44 views

Splitting atoms in XNU

Posted by Ian Beer, Google Project Zero TL;DR A locking bug in the XNU virtual memory subsystem allowed violation of the preconditions required for the correctness of an optimized virtual memory operation. This was abused to create shared memory where it wasn't expected, allowing the creation of ...

9.3 CVSS, 7.8 AI score, 0.05424 EPSS
Exploits: 5
exploitpack
added 2019/03/06 12:0 a.m., 23 views

Android - binder Use-After-Free via racy Initialization of ->allow_user_free

Android - binder Use-After-Free via racy Initialization of ->allow_user_free The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. The binder...

0.7 AI score
Exploits: 0
0day.today
added 2019/03/06 12:0 a.m., 89 views

Android - binder Use-After-Free via racy Initialization of ->allow_user_free Exploit

Android - binder Use-After-Free via racy Initialization of ->allow_user_free Exploit The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. Th...

7.8 CVSS, 0.5 AI score, 0.00523 EPSS
Exploits: 1
Exploit DB
added 2019/03/06 12:0 a.m., 45 views

Android - binder Use-After-Free via racy Initialization of ->allow_user_free

The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. The binder driver permits userspace to free buffers in the kernel-managed shared...

7.4 AI score
Exploits: 0
NVD
added 2019/03/05 4:29 p.m., 14 views

CVE-2019-6205

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes...

7.8 CVSS, 6.8 AI score, 0.04065 EPSS
Exploits: 2, References: 6
OSV
added 2019/03/05 4:29 p.m., 1 views

CVE-2019-6208

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes...

5.5 CVSS, 7 AI score, 0.0342 EPSS
Exploits: 2, References: 5
Prion
added 2019/03/05 4:29 p.m., 21 views

Memory corruption

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes...

6.8 CVSS, 6.6 AI score, 0.04065 EPSS
Exploits: 2, References: 6, Affected Software: 3
NVD
added 2019/03/05 4:29 p.m., 16 views

CVE-2019-6208

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes...

5.5 CVSS, 4.6 AI score, 0.0342 EPSS
Exploits: 2, References: 5
CNVD
added 2019/01/30 12:0 a.m., 0 views

Apple iOS, macOS and tvOS Kernel Memory Corruption Vulnerability

Apple iOS is an operating system developed for mobile devices; macOS Sierra, macOS High Sierra, and macOS Mojave are different versions of a specialized operating system developed for Mac computers; tvOS is a smart TV operating system. Kernel is one of the kernel components. A security...

7.8 CVSS, 6.4 AI score, 0.04065 EPSS
Exploits: 2, References: 1
CNVD
added 2019/01/30 12:0 a.m., 1 views

Apple iOS, tvOS and macOS Kernel Memory Initialization Vulnerability

Apple iOS is an operating system developed for mobile devices; macOS Sierra, macOS High Sierra, and macOS Mojave are different versions of a specialized operating system developed for Mac computers; tvOS is a smart TV operating system. Kernel is one of the kernel components. A security...

5.5 CVSS, 6.4 AI score, 0.0342 EPSS
Exploits: 2, References: 1
Veracode
added 2019/01/15 9:1 a.m., 30 views

Information Disclosure

qt is vulnerable to information disclosure attacks. The vulnerability exists as the QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local...

3.6 CVSS, 5.3 AI score, 0.00422 EPSS
Exploits: 0, References: 8, Affected Software: 1
Veracode
added 2019/01/15 8:54 a.m., 31 views

Insecure Authorization

openjdk is vulnerable to insecure authorization. The 2D component created shared memory segments with insecure permissions, allowing a local attacker to exploit the vulnerability to read or write to the shared memory segment...

3.6 CVSS, 5.9 AI score, 0.00506 EPSS
Exploits: 0, References: 34, Affected Software: 3
Tenable Nessus
added 2019/01/11 12:0 a.m., 28 views

Virtuozzo 7 : readykernel-patch (VZA-2018-080)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - Use-after-free in the implementation of the shared memory. A flaw was found in the implementation of the shared memory...

5.5 AI score
Exploits: 0, References: 4
OpenVAS
added 2019/01/09 12:0 a.m., 6 views

Linux: Check options for /dev/shm directory

/dev/shm implements traditional shared memory concept. It is an efficient means of passing data between programs. This script tests options set on /dev/shm filesystem. Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.3 AI score
Exploits: 0, References: 1
Packet Storm
added 2018/12/11 12:0 a.m., 65 views

XNU POSIX Shared Memory Mapping Issue

XNU: POSIX shared memory mappings have incorrect maximum protection CVE-2018-4435 When the mmap syscall is invoked on a POSIX shared memory segment (DTYPE_PSXSHM), pshm_mmap() maps the shared memory segment's pages into the address space of the calling process. It does this with the following code: int...

0.2 AI score, 0.03092 EPSS
Exploits: 2
0day.today
added 2018/12/11 12:0 a.m., 176 views

XNU POSIX Shared Memory Mapping Issue Exploit

Exploit for multiple platform in category local exploits XNU: POSIX shared memory mappings have incorrect maximum protection CVE-2018-4435 When the mmap syscall is invoked on a POSIX shared memory segment (DTYPE_PSXSHM), pshm_mmap() maps the shared memory segment's pages into the address space of the...

7.7 AI score, 0.03092 EPSS
Exploits: 2
exploitpack
added 2018/12/11 12:0 a.m., 14 views

XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection

XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection When the mmap syscall is invoked on a POSIX shared memory segment (DTYPE_PSXSHM), pshm_mmap() maps the shared memory segment's pages into the address space of the calling process. It does this with the following code: int prot =...

0.4 AI score
Exploits: 0
Exploit DB
added 2018/12/11 12:0 a.m., 32 views

XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection

When the mmap syscall is invoked on a POSIX shared memory segment (DTYPE_PSXSHM), pshm_mmap() maps the shared memory segment's pages into the address space of the calling process. It does this with the following code: int prot = uap->prot; ... if ((prot & PROT_WRITE) && ((fp->f_flag & FWRITE) == 0)) return(EPERM);...

7.4 AI score
Exploits: 0