Twenty Year Anniversary
Showing 1 - 25 of 1,091 RSS Feed

Files from Google Security Research

First Active2000-02-18
Last Active2018-05-24
Linux Ext4 Out-Of-Bounds Memcpy
Posted May 24, 2018
Authored by Jann Horn, Google Security Research

Linux ext4 suffers from an out-of-bounds memcpy via a non-inline system.data xattr.

tags | exploit
systems | linux
MD5 | 0cb247cca18add1aee1a164432f6a72c
Skia / Firefox SkTDArray Integer Overflow
Posted May 24, 2018
Authored by Ivan Fratric, Google Security Research

Skia and Firefox suffer from an issue where an integer overflow in SkTDArray can lead to an out-of-bounds write.

tags | exploit, overflow
advisories | CVE-2018-5159
MD5 | f7eb1e6d567bfd69e4a654a5a1a0c0cf
Microsoft Edge Chakra Cross Context Bug Use-After-Free
Posted May 24, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a cross context use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-0946
MD5 | f4c7a5b8adf1e791a28c344b2404f815
Samsung Galaxy S7 Edge OMACP WbXml String Extension Processing Overflow
Posted May 24, 2018
Authored by Google Security Research, natashenka

Samsung Galaxy S7 Edge suffers from an OMACP WbXml string extension processing overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2018-10751
MD5 | 2702cb46ddd1e5d1a30361832c9812e1
Microsoft Edge Chakra JIT Magic Value Type Confusion
Posted May 24, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from an issue where a magic value can cause a type confusion vulnerability.

tags | advisory
advisories | CVE-2018-0953
MD5 | 4a021dfd3c28a0b21d17bfd6d8b4c5bf
Speculative Execution Variant 4
Posted May 24, 2018
Authored by Jann Horn, Google Security Research

Variant 4 of the speculative execution vulnerability that focuses on a speculative store bypass.

tags | exploit
advisories | CVE-2018-3639
MD5 | 0c2f7e12ec920a6130940707130bd9fe
Linux 4-Byte Information Leak
Posted May 18, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from a 4-byte information leak via an uninitialized struct field in the compat adjtimex syscall.

tags | exploit
systems | linux
MD5 | 3e22473d4edff1e68082884c6f7a235b
Microsoft Edge Chakra JIT Bounce Check Elimination Bug
Posted May 18, 2018
Authored by Google Security Research, lokihardt

Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instead of the control flow. This may lead to incorrectly remove the bound checks.

tags | exploit
advisories | CVE-2018-0980
MD5 | 09442d487262053ca44c67ade9eacecb
Microsoft Windows Token Process Trust SID Access Check Bypass Privilege Escalation
Posted May 15, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a token process trust SID access check bypass elevation of privilege vulnerability.

tags | exploit
systems | windows
advisories | CVE-2018-8134
MD5 | ace4fe2f42f537091fcddcf5ec0fcb58
Chrome V8 Object Allocation Size Integer Overflow
Posted May 4, 2018
Authored by Google Security Research, Mark Brand

Chrome V8 suffers from an integer overflow vulnerability in object allocation size.

tags | exploit, overflow
advisories | CVE-2018-6065
MD5 | d354d3af55153261405bf964d6202de1
Chrome V8 ObjectDescriptor Class Bug
Posted May 4, 2018
Authored by Google Security Research, lokihardt

Chrome V8 has a bug in the ObjectDescriptor class.

tags | advisory
MD5 | eb7d7ce8d537b4c677c0f9783ad86bd4
macOS Double mach_port_deallocate In kextd
Posted May 1, 2018
Authored by Google Security Research, ianbeer

macOS suffers from a double mach_port_deallocate in kextd due to failure to comply with MIG ownership rules.

tags | exploit
advisories | CVE-2018-4139
MD5 | 3ed950f3129994df12395fa85baf3812
macOS/iOS ReportCrash Mach Port Replacement
Posted May 1, 2018
Authored by Google Security Research, ianbeer

macOS/iOS ReportCrash suffers from a mach port replacement due to failure to respect MIG ownership rules.

tags | exploit
systems | cisco, ios
advisories | CVE-2018-4206
MD5 | afd5e9434d99e4e48e8d1ec634a2c115
Linux RNG Flaws
Posted May 1, 2018
Authored by Google Security Research, jannh

There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot.

tags | exploit
advisories | CVE-2018-1108
MD5 | 93e3958beacb3afdef525c4ced0c559b
WebKit WebCore::jsElementScrollHeightGette Use-After-Free
Posted May 1, 2018
Authored by Ivan Fratric, Google Security Research

There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of revision 227958 on OSX.

tags | exploit
systems | apple
advisories | CVE-2018-4200
MD5 | 35af2b53d57b81fe5f7927312787ad3f
Google Chrome V8 AwaitedPromise Update Bug
Posted Apr 26, 2018
Authored by Google Security Research, lokihardt

Google Chrome V8 Await methods call ResolveNativePromise which calls InternalResolvePromise which can invoke a user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately overwritten after the call to Await, this may lead the generator to an incorrect state.

tags | exploit, javascript
advisories | CVE-2018-6106
MD5 | eb56f2216b0ca1318d166d23fcad7b4c
Google Chrome V8 Arrow Function Scope Fixing Bug
Posted Apr 26, 2018
Authored by Google Security Research, lokihardt

Google Chrome V8 suffers from an arrow function scope fixing bug.

tags | exploit
MD5 | 4d52efa2602d737aaf7180cc2543c06c
Adobe Flash Blur Filtering Out-Of-Bounds Write
Posted Apr 21, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from a blur filtering out of bounds write vulnerability.

tags | exploit
advisories | CVE-2018-4937
MD5 | 88c1fee8c2461e70f8fb6ccd45168207
Adobe Flash Image Inflation Information Disclosure
Posted Apr 21, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from an image inflation information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-4934
MD5 | 5a8202b546643e77eb7e2ebee544e14c
Adobe Flash Sound Playing Overflow
Posted Apr 21, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from a sound playing overflow.

tags | exploit, overflow
advisories | CVE-2018-4936
MD5 | 764b0bb1ef3ed5a38a8acdb4c7362484
Adobe Flash Slab Rendering Overflow
Posted Apr 21, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from a slab rendering overflow.

tags | exploit, overflow
advisories | CVE-2018-4935
MD5 | b512de2dc1d1e5461cd3384d37330c84
Chrome V8 JIT NodeProperties::InferReceiverMaps Type Confusion
Posted Apr 21, 2018
Authored by Google Security Research, lokihardt

Chrome V8 JIT suffers from a NodeProperties::InferReceiverMaps type confusion vulnerability.

tags | exploit
MD5 | d8ca369d4de256bff5cc0437ef5167b1
Microsoft Windows WLDP CLSID Policy .NET COM Instantiation UMCI Bypass
Posted Apr 19, 2018
Authored by James Forshaw, Google Security Research

The enlightened Windows Lockdown Policy check for COM Class instantiation can be bypassed by using a bug in .NET leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).

tags | exploit, arbitrary, code execution
systems | windows
MD5 | 9af4ae4b97751a5713a7402ad0feb6c6
Microsoft Edge OpenProcess() ACG Bypass
Posted Apr 17, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from an ACG bypass vulnerability with OpenProcess().

tags | exploit, bypass
MD5 | 0872aa70743c4a85442779d23b9462d1
Microsoft Windows Kernel nt!NtQueryVirtualMemory Stack Memory Disclosure
Posted Apr 17, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a 64-bit stack memory disclosure vulnerability in nt!NtQueryVirtualMemory (MemoryImageInformation).

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0968
MD5 | d945b68fdd1c9e8436634fd2987bc3c8
Page 1 of 44
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

May 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    17 Files
  • 3
    May 3rd
    30 Files
  • 4
    May 4th
    29 Files
  • 5
    May 5th
    2 Files
  • 6
    May 6th
    3 Files
  • 7
    May 7th
    13 Files
  • 8
    May 8th
    27 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    15 Files
  • 11
    May 11th
    8 Files
  • 12
    May 12th
    2 Files
  • 13
    May 13th
    8 Files
  • 14
    May 14th
    7 Files
  • 15
    May 15th
    43 Files
  • 16
    May 16th
    19 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    3 Files
  • 20
    May 20th
    7 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    40 Files
  • 23
    May 23rd
    64 Files
  • 24
    May 24th
    55 Files
  • 25
    May 25th
    16 Files
  • 26
    May 26th
    17 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close