Linux ext4 suffers from an out-of-bounds memcpy via a non-inline system.data xattr.
0cb247cca18add1aee1a164432f6a72cSkia and Firefox suffer from an issue where an integer overflow in SkTDArray can lead to an out-of-bounds write.
f7eb1e6d567bfd69e4a654a5a1a0c0cfMicrosoft Edge Chakra suffers from a cross context use-after-free vulnerability.
f4c7a5b8adf1e791a28c344b2404f815Samsung Galaxy S7 Edge suffers from an OMACP WbXml string extension processing overflow vulnerability.
2702cb46ddd1e5d1a30361832c9812e1Microsoft Edge Chakra JIT suffers from an issue where a magic value can cause a type confusion vulnerability.
4a021dfd3c28a0b21d17bfd6d8b4c5bfVariant 4 of the speculative execution vulnerability that focuses on a speculative store bypass.
0c2f7e12ec920a6130940707130bd9feLinux suffers from a 4-byte information leak via an uninitialized struct field in the compat adjtimex syscall.
3e22473d4edff1e68082884c6f7a235bChakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instead of the control flow. This may lead to incorrectly remove the bound checks.
09442d487262053ca44c67ade9eacecbMicrosoft Windows suffers from a token process trust SID access check bypass elevation of privilege vulnerability.
ace4fe2f42f537091fcddcf5ec0fcb58Chrome V8 suffers from an integer overflow vulnerability in object allocation size.
d354d3af55153261405bf964d6202de1Chrome V8 has a bug in the ObjectDescriptor class.
eb7d7ce8d537b4c677c0f9783ad86bd4macOS suffers from a double mach_port_deallocate in kextd due to failure to comply with MIG ownership rules.
3ed950f3129994df12395fa85baf3812macOS/iOS ReportCrash suffers from a mach port replacement due to failure to respect MIG ownership rules.
afd5e9434d99e4e48e8d1ec634a2c115There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot.
93e3958beacb3afdef525c4ced0c559bThere is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of revision 227958 on OSX.
35af2b53d57b81fe5f7927312787ad3fGoogle Chrome V8 Await methods call ResolveNativePromise which calls InternalResolvePromise which can invoke a user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately overwritten after the call to Await, this may lead the generator to an incorrect state.
eb56f2216b0ca1318d166d23fcad7b4cGoogle Chrome V8 suffers from an arrow function scope fixing bug.
4d52efa2602d737aaf7180cc2543c06cAdobe Flash suffers from a blur filtering out of bounds write vulnerability.
88c1fee8c2461e70f8fb6ccd45168207Adobe Flash suffers from an image inflation information disclosure vulnerability.
5a8202b546643e77eb7e2ebee544e14cAdobe Flash suffers from a sound playing overflow.
764b0bb1ef3ed5a38a8acdb4c7362484Adobe Flash suffers from a slab rendering overflow.
b512de2dc1d1e5461cd3384d37330c84Chrome V8 JIT suffers from a NodeProperties::InferReceiverMaps type confusion vulnerability.
d8ca369d4de256bff5cc0437ef5167b1The enlightened Windows Lockdown Policy check for COM Class instantiation can be bypassed by using a bug in .NET leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).
9af4ae4b97751a5713a7402ad0feb6c6Microsoft Edge suffers from an ACG bypass vulnerability with OpenProcess().
0872aa70743c4a85442779d23b9462d1The Microsoft Windows kernel suffers from a 64-bit stack memory disclosure vulnerability in nt!NtQueryVirtualMemory (MemoryImageInformation).
d945b68fdd1c9e8436634fd2987bc3c8
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed