954 matches found
CVE-2020-25221
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting caused by gate page mishandling of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit...
CVE-2020-25221
CVE-2020-25221 affects Linux kernel 5.7.x and 5.8.x before 5.8.7. The vulnerability arises in get_gate_page() implemented in mm/gup.c, due to incorrect reference counting of the backing struct page for the vsyscall page, causing a refcount underflow. It can be triggered by any 64-bit process that...
Audio Playback Recorder 3.2.2 - Local Buffer Overflow (SEH)
Exploit Title: Audio Playback Recorder 3.2.2 - Local Buffer Overflow SEH Date: 2020-09-08 Author: Felipe Winsnes Software Link: https://archive.org/download/tucows288670AudioPlaybackRecorder/AudioRec.exe Version: 3.2.2 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of the...
VolExp - Volatility Explorer
This program allows the user to access a Memory Dump. It can also function as a plugin to the Volatility Framework https://github.com/volatilityfoundation/volatility. This program functions similarly to Process Explorer/Hacker, but additionally it allows the user access to a Memory Dump or access...
Matrix::new() drops uninitialized memory
Matrix::new internally calls Matrix::fill_with which uses the `*ptr = value` pattern to initialize the buffer. This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of an uninitialized struct...
`pnet_packet` buffer overrun in `set_payload` setters
As indicated by this issue, a buffer overrun is possible in the set_payload setter of the various mutable "Packet" struct setters. The offending set_payload functions were defined within the struct impl blocks in earlier versions of the package, and later by the packet macro. Fixed in the packet...
CVE-2020-0235
In crus_sp_shared_ioctl we first copy 4 bytes from userdata into the "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr". "crus_sp_hdr" is a static variable, of type "struct crus_sp_ioctl_header". Product: Android Versions:...
Redis Labs Redis Input Validation Error Vulnerability
Redis Labs Redis is an open-source key-value store, written in ANSI C by Redis Labs, Inc. (United States), that operates over the network, can run in memory or with persistent logging, and provides APIs for a variety of languages. An input validation error...
Bandwidth Monitor 3.9 Full ROP Buffer Overflow
Exploit Title: Bandwidth Monitor 3.9 - Full ROP Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version:...
RM Downloader 3.1.3.2.2010.06.13 Buffer Overflow
Exploit Title: RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow SEH Date: 2020-04-20 Author: Felipe Winsnes Software Link: https://www.exploit-db.com/apps/9af366e59468eac0b92212912b5c3bcb-RMDownloader.exe Version: 3.1.3.2.2010.06.13 Tested on: Windows 7 x86 Proof of Concept: 1.- Run the...
kernel security, bug fix, and enhancement update
3.10.0-1127.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 3.10.0-1127 - fs flexfiles: Don't tie up all the rpciod threads in resends Benjamin...
CVE-2020-0053
In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User...
Wedding Slideshow Studio 1.36 - Key Buffer Overflow
Exploit Title: Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow Exploit Author: ZwX Exploit Date: 2020-02-09 Vendor Homepage: http://www.wedding-slideshow-studio.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to...
Linux sendmsg() Privilege Escalation
Linux: privilege escalation via io_uring offload of sendmsg onto kernel thread with kernel creds Since commit 0fa03c624d8f "io_uring: add support for sendmsg", first in v5.3, io_uring has support for asynchronously calling sendmsg. Unprivileged userspace tasks can submit IORING_OP_SENDMSG submission...
kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c
A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory...
HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure
#!/opt/local/bin/python2.7 Exploit Title: HPE Intelligent Management Center dbman Command 10001 Information Disclosure Date: 22-09-2019 Exploit Author: Rishabh Sharma Linkedin: rishabh2241991 Vendor Homepage: www.hpe.com Software Link:...
Fedora 29 : nfdump (2019-9013b5e75d)
2019-08-14 - Fix compile issues - Fix output buffer size for lzo1x_decompress_safe 2019-08-07 - Fix VerifyExtensionMap 179 2019-08-06 - Fix compile errors 2019-08-05 - Fix nfdump.1 man page. 175 - Fix off by 1 array. 173 - Fix use after free in ModifyCompressFile - Add bound checks in AddExporterSt...
FreeBSD -- Reference count overflow in mqueue filesystem
Problem Description: System calls operating on file descriptors obtain a reference to the relevant struct file which, due to a programming error, was not always put back; this in turn could be used to overflow the reference counter of the affected struct file. Impact: A local user can use this flaw to obtain access...
Netperf 2.6.0 - Stack-Based Buffer Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: Netperf 2.6.0 is a benchmark tool developed by Hewlett Packard that can be used to measure the performance of many different types of networking. It...
SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:1480-1)
This update for sssd fixes the following issues : Security issue fixed : CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194) Non-security issues fixed: Missing GPOs directory could have led to login problems (bsc#1132879) Fix a crash by adding...