The Apple Intel GPU driver suffers from use-after-free and double-delete issues due to bad locking.
b351e27cbcb6569d7e176048b1d1639fiOS and macOS suffers from a sandbox escape due to trusted length field in shared memory used by the HID event subsystem.
d02085ca3eebe96590a6bfad12954bf6iOS suffers from a kernel stack memory disclosure due to failure to check copyin return value.
dabae5d2d2f7dfbc02093d00e56e96e6iOS and macOS suffer from a sandbox escape vulnerability due to failure to comply with MIG object lifetime semantics in the iohideventsystem_client subsystem.
b9de50e80a2ea80f7f9468bd16b597e3iOS and macOS suffer from sandbox escape vulnerabilities due to MIG failing to use correct out-of-line descriptor lengths when parsing reply messages.
4f22a8f810b85991d35e76ab7b9861b4iOS and macOS suffers from a kernel memory corruption vulnerability due to integer overflow in IOHIDResourceQueue::enqueueReport.
eaf771ae19474d20de705e51b77b51d3iOS and macOS suffers from a sandbox escape vulnerability due to mach message sent from shared memory.
212667e2b57588da87c0742e251ac563The iOS kernel suffers from a use-after-free vulnerability due to bad error handling in personas.
00aa8ae882f2b6020f3e4a12749da1eeGhostscript has an issues where callers of a procedure are not forced to be properly marked as executeonly or pseudo-operators, allowing for the ability to take complete control of it.
f6013aa13df201f50c343927fca57dcdThe Linux BPF verifier has an issue where 32-bit RSH verification does not truncate input before the ALU op.
373edc458d7e0a3a57e28573408ae811Linux suffers from a semi-arbitrary task stack read on ARM64 (and x86) via /proc/$pid/stack.
7100e417a396e293988088f73c3b7c3aChrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message a read_offset/write_offset respectively into shared memory. Providing an offset outside the bounds of the allocated memory will then result in an out-of-bounds read/write when the pipe is used.
08315707021518b918593c1b05081689On Microsoft Windows, the FSCTL_FIND_FILES_BY_SID control code does not check for permissions to list a directory leading to disclosure of file names when a user is not granted FILE_LIST_DIRECTORY access.
1ad1fd11e41df6d259aeb00e3e6cc367Ghostscript suffers from an issue where .loadfontloop exposes system operators in the saved execution stack.
8ee6daa56e7b3cbcf912ca5433934a03Ghostscript suffers from an executeonly bypass with errorhandler setup.
de8be7c4957ab4b3c8a37259c65b3c84WhatsApp suffers from a heap corruption vulnerability in RTP processing.
f6b01d303fe816031bf7b45feaa16a08Microsoft Edge suffers from a Chakra JIT type confusion bug.
6fbef805082788dae5a43414514f7830Microsoft Edge suffers from a Chakra JIT BailOutOnInvalidatedArrayHeadSegment check bypass vulnerability.
7f812f298d3183ada0ed61bc7dbd7d82gsview does not run -dSAFER, allowing for the execution of arbitrary code.
bc269c0811f9b687fc29e4ed1a486a78Ghostscript has an issue where an error object can expose system operators in the saved execution stack.
f076ce456ca16868992ed63958eaa396Android sdcardfs changes current->fs without proper locking.
30d07510d647a3e253ccd32f80cd1b03The Linux kernel suffers from a ptr leak via BPF due to a broken subtraction check.
3c1a45fa16b073a790adbcf32e65e7e7Chrome OS suffers from a /sbin/crash_reporter symlink traversal vulnerability.
c687c89c005c3b62a720e1c1f587693fThe Debian/Ubuntu AppArmor policy for evince in bypassable.
1b19708e83a1bfd77dfc118b056fc7eeAppArmor has an issue where filesystem blacklisting can be bypassed by moving parents.
639fa99eb3859f6045557741289c460b
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed