Design/Logic Flaw
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions...
Input validation
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions...
CVE-2020-10028 Multiple Syscalls In GPIO Subsystem Perform No Argument Validation
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions...
CVE-2020-10028
CVE-2020-10028 concerns Zephyr RTOS, specifically the GPIO subsystem, where multiple syscalls perform no argument validation. Root cause: insufficient validation on syscall parameters, enabling possible improper access or misuse. Affected: Zephyr versions 1.14.0 and later, including 2.1.0 and lat...
Zelos - A Comprehensive Binary Emulation Platform
Zelos (Zeropoint Emulated Lightweight Operating System) is a python-based binary emulation platform. One use of zelos is to quickly assess the dynamic behavior of binaries via command-line or python scripts. All syscalls are emulated to isolate the target binary. Linux x86_64 32- and 64-bit, AR...
[SECURITY] Fedora 30 Update: http-parser-2.9.3-1.fc30
This is a parser for HTTP messages written in C. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any syscalls nor allocations, it does not buffer data, it can be interrupted at any time. Depending on your architecture, it...
Fedora: Security Advisory for http-parser (FEDORA-2020-830d8a1a92)
The remote host is missing an update for the http-parser package...
SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2020:0262-1)
This update for glibc fixes the following issues. Security issue fixed: CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). Bug fixes: Fixed z15 s390x strstr implementation that can return incorrect...
SysWhispers - AV/EDR Evasion Via Direct System Calls
SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported from Windows XP to 10. Example generated files available in example-output/. Introduction Various security products place hooks in user-mode APIs which allow...
CVE-2019-20172
Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack...
FreeBSD mqueuefs Privilege Escalation
Exploit: FreeBSD-SA-19:15.mqueuefs - Privilege Escalation Author: Karsten König of Secfault Security Date: 2019-12-30 Change line 719 to choose which vulnerability is targeted libmap.conf primitive inspired by kcope's 2005 exploit for Qpopper Exploit for FreeBSD-SA-19:15.mqueuefs and...
FreeBSD-SA-19:15.mqueuefs - Privilege Escalation
Exploit: FreeBSD-SA-19:15.mqueuefs - Privilege Escalation Author: Karsten König of Secfault Security Date: 2019-12-30 Change line 719 to choose which vulnerability is targeted libmap.conf primitive inspired by kcope's 2005 exploit for Qpopper Exploit for FreeBSD-SA-19:15.mqueuefs and...
CVE-2011-5330
Distributed Ruby aka DRuby 1.8 mishandles the sending of syscalls...
Code injection
Distributed Ruby aka DRuby 1.8 mishandles the sending of syscalls...
KRF - A Kernelspace Randomized Faulter
KRF is a Kernelspace Randomized Faulter. It currently supports the Linux and FreeBSD kernels. What? Fault injection is a software testing technique that involves inducing failures ("faults") in the functions called by a program. If the callee has failed to perform proper error checking and...
Information Disclosure
Linux kernel is vulnerable to information disclosure. The vulnerability exists because of incorrect error handling in the set_mempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel. Local users could obtain sensitive information from uninitialized stack data by triggering...
Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
PS4 6.20 WebKit Code Execution PoC. This repo contains a proof-of-concept (PoC) RCE exploit targeting the PlayStation 4 on firmware 6.20 leveraging CVE-2018-4441. The exploit first establishes an arbitrary read/write primitive as well as an arbitrary object address leak in wkexploit.j...
macOS 127.0.0.1:4444 Reverse Shell Shellcode (103 bytes)
Title: macOS - Reverse 127.0.0.1:4444/TCP Shell (/bin/sh) + Null-Free Shellcode (103 bytes). Tested: macOS 10.14.1. Author: Ken Kitahara. Compilation: gcc -o loader loader.c. dev:works devuser$ sw_vers ProductName: Mac OS X ProductVersion: 10.14.1 BuildVersion: 18B75 dev:works devuser$ cat ipv4rev.s...
Apple macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
Exploit Title: MacOS 10.13 - 'workq_kernreturn' Denial of Service (PoC). Date: 2018-07-30. Exploit Author: Fabiano Anemone. Vendor Homepage: https://www.apple.com/ Version: iOS 11.4.1 / MacOS 10.13.6. Tested on: iOS / MacOS. CVE: Not assigned. Tweet: https://twitter.com/anoane/status/1048549170217451520...
kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out...