279 matches found

AlpineLinux
added 2021/10/20 6:15 p.m. | 94 views

CVE-2021-42762

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact...

CVSS 5.3 | AI score 6.8 | EPSS 0.00007
Exploits: 1

Cvelist
added 2021/10/20 6:15 p.m. | 23 views

CVE-2021-42762

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact...

AI score 7.2 | EPSS 0.00007
Exploits: 1 | References: 11

OPENSUSE Linux
added 2021/10/20 12:00 a.m. | 62 views

Security update for flatpak (important)

openSUSE Security Update: Security update for flatpak Announcement ID: openSUSE-SU-2021:3472-1 Rating: important References: 1191507 Cross-References: CVE-2021-41133 CVSS scores: CVE-2021-41133 SUSE: 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 An update...

CVSS 8.8 | AI score 7.3 | EPSS 0.00061
Exploits: 0 | References: 1

Prion
added 2021/10/08 2:15 p.m. | 23 views

Code injection

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services int...

CVSS 4.6 | AI score 6.3 | EPSS 0.00061
Exploits: 0 | References: 14 | Affected Software: 3

Vulnrichment
added 2021/10/08 12:00 a.m. | 28 views

CVE-2021-41133 Sandbox bypass via recent VFS-manipulating syscalls

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services int...

CVSS 8.8 | AI score 8.7 | EPSS 0.00061
Exploits: 0 | References: 14

Cvelist
added 2021/10/08 12:00 a.m. | 22 views

CVE-2021-41133 Sandbox bypass via recent VFS-manipulating syscalls

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services int...

CVSS 8.8 | AI score 7.2 | EPSS 0.00061
Exploits: 0 | References: 14

Talos
added 2021/08/10 12:00 a.m. | 92 views

Microsoft Azure Sphere Security Monitor SECTION_ABIDepends denial of service vulnerability

Talos Vulnerability Report TALOS-2021-1311 Microsoft Azure Sphere Security Monitor SECTION_ABIDepends denial of service vulnerability August 10, 2021 CVE Number None SUMMARY A denial of service vulnerability exists in the Security Monitor SECTION_ABIDepends functionality of Microsoft Azure Sphere...

AI score 7.2
Exploits: 0

Talos
added 2021/04/13 12:00 a.m. | 37 views

Microsoft Azure Sphere mqueue inode initialization kernel code execution vulnerability

Summary A code execution vulnerability exists in the mqueue inode initialization functionality of Microsoft Azure Sphere 21.01. A specially crafted set of syscalls can lead to uninitialized kernel read, which in turn leads to code execution in kernel. To trigger this vulnerability, an attacker ca...

CVSS 9.3 | AI score 9.1 | EPSS 0.00133
Exploits: 1

Ubuntu
added 2021/03/15 8:10 p.m. | 102 views

USN-4768-1: musl vulnerabilities

It was discovered that musl did not properly handle kernel syscalls. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. CVE-2018-1000001 It was discovered that musl did not properly handle the parsing of DNS response codes. A remote...

CVSS 9.8 | AI score 8.2 | EPSS 0.41417
Exploits: 9

Kitploit
added 2021/03/06 11:30 a.m. | 129 views

uEmu - Tiny Cute Emulator Plugin For IDA Based On Unicorn.

uEmu is a tiny cute emulator plugin for IDA based on unicorn engine. Supports following architectures out of the box: x86, x64, ARM, ARM64, MIPS, MIPS64 What is it GOOD for? Emulate bare metal code bootloaders, embedded firmware etc Emulate standalone functions What is it BAD for? Emulate...

AI score 7.6
Exploits: 0 | References: 1

Kitploit
added 2021/02/06 8:30 p.m. | 167 views

ExecuteAssembly - Load/Inject .NET Assemblies

ExecuteAssembly is an alternative of CS execute-assembly, built with C/C++ and it can be used to Load/Inject .NET assemblies by; reusing the host spawnto process loaded CLR Modules/AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI,...

AI score 7
Exploits: 0 | References: 8

Oracle linux
added 2021/02/05 12:00 a.m. | 316 views

glibc security and bug fix update

2.17-322.0.2 - merge RH el7 u9 errata patches with Oracle patches Review-exception: Simple merge - merge RH el7 u9 patches with Oracle patches Review-exception: Simple merge - Four patches to match 3rd patch bundle from Marvell - modify MIPS values in elf/elf.h - add sysdeps/aarch64/sys/ifunc.h -...

CVSS 7.5 | AI score 7.8 | EPSS 0.00805
Exploits: 1

Kitploit
added 2021/01/16 8:30 p.m. | 450 views

SysWhispers2 - AV/EDR Evasion Via Direct System Calls

SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported and example generated files available in the example-output/ folder. Difference Between SysWhispers 1 and 2 The usage is almost identical to SysWhispers1 but...

AI score 7.5
Exploits: 0 | References: 12

Prion
added 2020/10/14 7:15 p.m. | 17 views

Information disclosure

In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the...

CVSS 2.7 | AI score 6.1 | EPSS 0.00102
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2020/10/14 6:35 p.m. | 51 views

CVE-2020-15224

CVE-2020-15224 : Open Enclave before 0.12.0 has an information disclosure vulnerability when an enclave application uses socket-related syscalls (sockets.edl) loaded by a malicious host. An attacker who logs in and runs a crafted application could read privileged data from the enclave heap across...

CVSS 6.8 | AI score 6.1 | EPSS 0.00102
Exploits: 0 | References: 3 | Affected Software: 1

Rapid7 Blog
added 2020/09/30 6:57 p.m. | 46 views

Exploitability Analysis: Smash the Ref Bug Class

In April 2020, security researcher Gil Dabah published a paper on a set of vulnerabilities he had discovered within the Win32k subsystem of the Windows operating system. These vulnerabilities demonstrated instances of a new class of bugs, dubbed “Smash the Ref.” Dabah’s research included 13 test...

AI score 1.2
Exploits: 0

Positive Technologies
added 2020/09/24 12:00 a.m. | 2 views

PT-2021-1501 · Flatpak +9

Name of the Vulnerable Software and Affected Versions: Flatpak versions prior to 1.10.4 and 1.12.0 Description: The issue is related to the lack of blocking in the seccomp filter for mount-related system calls, which can be exploited to gain access to confidential data, disrupt its integrity, and...

CVSS 8.8 | AI score 7 | EPSS 0.00247
Exploits: 1 | References: 85

Talos
added 2020/09/23 12:00 a.m. | 77 views

Microsoft Azure Sphere Littlefs truncate information disclosure vulnerability

Talos Vulnerability Report TALOS-2020-1130 Microsoft Azure Sphere Littlefs truncate information disclosure vulnerability September 23, 2020 CVE Number None SUMMARY An information disclosure vulnerability exists in the Littlefs filesystem functionality of Microsoft Azure Sphere 20.06. A specially...

AI score 7.1
Exploits: 0

OSV
added 2020/05/11 11:15 p.m. | 3 views

CVE-2020-10028

Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions...

CVSS 7.8 | AI score 7.1 | EPSS 0.00077
Exploits: 0 | References: 5

NVD
added 2020/05/11 11:15 p.m. | 13 views

CVE-2020-10028

Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions...

CVSS 7.8 | AI score 7.7 | EPSS 0.00077
Exploits: 0 | References: 5