PUB-A-312268456

In sendDeviceState16 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-254774758

In OnWakelockReleased of attributionprocessor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

RUSTSEC-2022-0079 ELF header parsing library doesn't check for valid offset

The crate has several unsafe sections that don't perform proper pointer validation. An example can be found in the following function: fn sectionheaderraw&self - &ET::SectionHeader let shoff = self.elfheader.sectionheaderoffset as usize; let shnum = self.elfheader.sectionheaderentrynum as usize;...

dovecot -- null pointer deref in notify with empty headers

Aki Tuomi reports Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers...

Android 7 - 9 VideoPlayer - ihevcd_parse_pps Out-of-Bounds Write

Android 7 - 9 VideoPlayer - ihevcdparsepps Out-of-Bounds Write CVE-2019-2107 - looks scary. Still remember Stagefright and PNG bugs vulns .... With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly "crafted" video with tiles enabled - pspps-i1tilesenabledflag you can...

Chrome V8 KeyAccumulator Bug Exploit

Chrome V8 suffers from a bug in KeyAccumulator that can cause a crash. Chrome: V8: A bug with KeyAccumulator PoC: for let i = 0; i https://cs.chromium.org/chromium/src/v8/src/objects.cc?rcl=a2ca1996873f3ffa79d9495fb2cf4e7c0e51d9e9&l=18369. The new table is directly used as the backing store of th...

Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1304)

Summary Use of IBM Spectrum Scale on an Elastic Storage Server/GPFS Storage Server in an unsupported configuration, where user applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file, may result in a daemon failure,...

Spoofing

IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server ESS/GPFS Storage Server GSS during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a...

CVE-2017-1304

IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server ESS/GPFS Storage Server GSS during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a...

Mapscrn 2.03 - Local Buffer Overflow (PoC)

Developed using Exploit Pack - http://exploitpack.com - Tested on: GNU/Linux - Kali 2017.1 Release Description: Mapscrn Part of setfont 2.0.3 The mapscrn command loads a user defined output character mapping table into the console driver. The console driver may be later put into use user-defined...

LG G4 MRA58K - mkvparser::Tracks constructor Failure to Initialise Pointers Exploit

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1117 Failure to initialise pointers in mkvparser::Tracks constructor The constructor mkvparser::Tracks::Tracks doesn't handle parsing failures correctly. If we look at the function...

Samsung Galaxy S6 - libQjpeg je_free Crash

Exploit for Android platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=617 The attached jpg causes an invalid pointer to be freed when media scanning occurs. F/libc 11192: Fatal signal 11 SIGSEGV, code 1, fault addr 0xffffffffffffb0 in tid...

Oracle MySQL 5.5.19-log Denial Of Service

5.5.19-log on SuSE Linux DoS exploit: -------------------------------------------------------------------------------------------------------- use Net::MySQL; use Unicode::UTF8 qwdecodeutf8 encodeutf8; $|=1; my $mysql = Net::MySQL-new hostname = '192.168.2.3', Default use UNIX socket database =...

MySQL Denial of Service Zeroday PoC

Exploit for linux platform in category dos / poc 5.5.19-log on SuSE Linux DoS exploit: -------------------------------------------------------------------------------------------------------- use Net::MySQL; use Unicode::UTF8 qwdecodeutf8 encodeutf8; $|=1; my $mysql = Net::MySQL-new hostname =...

MySQL - Denial of Service (PoC)

5.5.19-log on SuSE Linux DoS exploit: -------------------------------------------------------------------------------------------------------- use Net::MySQL; use Unicode::UTF8 qwdecodeutf8 encodeutf8; $|=1; my $mysql = Net::MySQL-new hostname = '192.168.2.3', Default use UNIX socket database =...

IBM Websphere Application Server 3.0.2 Server Plugin - Denial of Service

source: https://www.securityfocus.com/bid/1691/info Large amounts of data ie 1092+ characters in the Host: request header may cause the web server process to fault on signal 11 SIGSEGV or signal 10 SIGBUS. GET /servletsnoop HTTP/1.0 Host: xxxxxxxxxxxxxxxxxxxxxxxx1092+ characters resulted in the...