Showing 1 - 25 of 1,184

Files from Google Security Research

First Active: 2000-02-18
Last Active: 2018-10-19

Apple Intel GPU Driver Use-After-Free / Double-Delete
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

The Apple Intel GPU driver suffers from use-after-free and double-delete issues due to bad locking.

tags | advisory
systems | apple
advisories | CVE-2018-4334
MD5 | b351e27cbcb6569d7e176048b1d1639f
iOS / macOS HID Event System Sandbox Escape
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

iOS and macOS suffer from a sandbox escape due to a trusted length field in shared memory used by the HID event subsystem.

tags | advisory
systems | ios
MD5 | d02085ca3eebe96590a6bfad12954bf6
iOS copyin Check Kernel Stack Memory Disclosure
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

iOS suffers from a kernel stack memory disclosure due to a failure to check the copyin return value.

tags | advisory, kernel
systems | cisco, ios
advisories | CVE-2018-4363
MD5 | dabae5d2d2f7dfbc02093d00e56e96e6
iOS / macOS MIG Object Lifetime Semantics Sandbox Escape
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

iOS and macOS suffer from a sandbox escape vulnerability due to failure to comply with MIG object lifetime semantics in the iohideventsystem_client subsystem.

tags | advisory
systems | apple
MD5 | b9de50e80a2ea80f7f9468bd16b597e3
iOS / macOS MIG Sandbox Escape
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

iOS and macOS suffer from sandbox escape vulnerabilities due to MIG failing to use correct out-of-line descriptor lengths when parsing reply messages.

tags | advisory, vulnerability
systems | ios
MD5 | 4f22a8f810b85991d35e76ab7b9861b4
iOS / macOS IOHIDResourceQueue::enqueueReport Integer Overflow
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

iOS and macOS suffer from a kernel memory corruption vulnerability due to an integer overflow in IOHIDResourceQueue::enqueueReport.

tags | advisory, overflow, kernel
MD5 | eaf771ae19474d20de705e51b77b51d3
iOS / macOS Mach Message Sandbox Escape
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

iOS and macOS suffer from a sandbox escape vulnerability due to a mach message sent from shared memory.

tags | advisory
systems | ios
MD5 | 212667e2b57588da87c0742e251ac563
iOS Kernel Personas Use-After-Free
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

The iOS kernel suffers from a use-after-free vulnerability due to bad error handling in personas.

tags | advisory, kernel
systems | ios
advisories | CVE-2018-4337
MD5 | 00aa8ae882f2b6020f3e4a12749da1ee
Ghostscript 1Policy Dangerous Access To Operator
Posted Oct 18, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issue where callers of a procedure are not forced to be properly marked as executeonly or pseudo-operators, allowing for the ability to take complete control of it.

tags | advisory
advisories | CVE-2018-18284
MD5 | f6013aa13df201f50c343927fca57dcd
Linux BPF Verifier Failed Truncation
Posted Oct 18, 2018
Authored by Jann Horn, Google Security Research

The Linux BPF verifier has an issue where 32-bit RSH verification does not truncate input before the ALU op.

tags | advisory
systems | linux
advisories | CVE-2018-18445
MD5 | 373edc458d7e0a3a57e28573408ae811
Linux Semi-Arbitrary Task Stack Read On ARM64 / x86
Posted Oct 18, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from a semi-arbitrary task stack read on ARM64 (and x86) via /proc/$pid/stack.

tags | advisory, arbitrary, x86
systems | linux
MD5 | 7100e417a396e293988088f73c3b7c3a
Chrome Mojo DataPipe*Dispatcher Deserialization Lacking Validation
Posted Oct 18, 2018
Authored by Google Security Research, Mark Brand

Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message a read_offset/write_offset respectively into shared memory. Providing an offset outside the bounds of the allocated memory will then result in an out-of-bounds read/write when the pipe is used.

tags | advisory
advisories | CVE-2018-16068
MD5 | 08315707021518b918593c1b05081689
Microsoft Windows FSCTL_FIND_FILES_BY_SID Information Disclosure
Posted Oct 16, 2018
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the FSCTL_FIND_FILES_BY_SID control code does not check for permissions to list a directory, leading to disclosure of file names when a user is not granted FILE_LIST_DIRECTORY access.

tags | exploit
systems | windows
advisories | CVE-2018-8411
MD5 | 1ad1fd11e41df6d259aeb00e3e6cc367
Ghostscript .loadfontloop Exposed System Operators
Posted Oct 15, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from an issue where .loadfontloop exposes system operators in the saved execution stack.

tags | advisory
MD5 | 8ee6daa56e7b3cbcf912ca5433934a03
Ghostscript executeonly Bypass
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from an executeonly bypass with errorhandler setup.

tags | exploit
advisories | CVE-2018-17961
MD5 | de8be7c4957ab4b3c8a37259c65b3c84
WhatsApp RTP Processing Heap Corruption
Posted Oct 11, 2018
Authored by Google Security Research, natashenka

WhatsApp suffers from a heap corruption vulnerability in RTP processing.

tags | exploit
MD5 | f6b01d303fe816031bf7b45feaa16a08
Microsoft Edge Chakra JIT Type Confusion Bug
Posted Oct 11, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a Chakra JIT type confusion bug.

tags | exploit
advisories | CVE-2018-8467
MD5 | 6fbef805082788dae5a43414514f7830
Microsoft Edge Chakra JIT BailOutOnInvalidatedArrayHeadSegment Check Bypass
Posted Oct 11, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a Chakra JIT BailOutOnInvalidatedArrayHeadSegment check bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-8466
MD5 | 7f812f298d3183ada0ed61bc7dbd7d82
gsview -dSAFER Not Used
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

gsview does not run -dSAFER, allowing for the execution of arbitrary code.

tags | advisory, arbitrary
MD5 | bc269c0811f9b687fc29e4ed1a486a78
Ghostscript Exposed System Operators
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issue where an error object can expose system operators in the saved execution stack.

tags | advisory
advisories | CVE-2018-18073
MD5 | f076ce456ca16868992ed63958eaa396
Android current-fs Improper Locking
Posted Oct 8, 2018
Authored by Jann Horn, Google Security Research

Android sdcardfs changes current->fs without proper locking.

tags | exploit
advisories | CVE-2018-9515
MD5 | 30d07510d647a3e253ccd32f80cd1b03
Linux Kernel PTR Leak Via BPF
Posted Oct 5, 2018
Authored by Jann Horn, Google Security Research

The Linux kernel suffers from a ptr leak via BPF due to a broken subtraction check.

tags | exploit, kernel
systems | linux
MD5 | 3c1a45fa16b073a790adbcf32e65e7e7
Chrome OS /sbin/crash_reporter Symlink Traversal
Posted Oct 5, 2018
Authored by Jann Horn, Google Security Research

Chrome OS suffers from a /sbin/crash_reporter symlink traversal vulnerability.

tags | exploit
MD5 | c687c89c005c3b62a720e1c1f587693f
Debian/Ubuntu AppArmor evince Policy Bypass
Posted Oct 1, 2018
Authored by Jann Horn, Google Security Research

The Debian/Ubuntu AppArmor policy for evince is bypassable.

tags | exploit
systems | linux, debian, ubuntu
MD5 | 1b19708e83a1bfd77dfc118b056fc7ee
AppArmor Filesystem Blacklisting Bypass
Posted Sep 27, 2018
Authored by Jann Horn, Google Security Research

AppArmor has an issue where filesystem blacklisting can be bypassed by moving parents.

tags | exploit
MD5 | 639fa99eb3859f6045557741289c460b