what you don't know can hurt you
Showing 1 - 25 of 1,503 RSS Feed

Files from Google Security Research

First Active2000-02-18
Last Active2020-06-03
Node.js Hostname Verification Bypass
Posted Jun 3, 2020
Authored by FX, Google Security Research

Insecure TLS session reuse can lead to a hostname verification bypass in Node.js.

tags | exploit
MD5 | 9bde5356a44eb307d096d404cbcdc1d0
JSC JIT Out-Of-Bounds Access
Posted Jun 3, 2020
Authored by saelo, Google Security Research

The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations (and vice versa) during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds accesses and potentially other memory safety violations.

tags | exploit
advisories | CVE-2020-9802
MD5 | 0b1a6974a8c2118b0cb88077ae99fe29
Avast Array.prototype.toString Out-Of-Bounds Copy
Posted Jun 1, 2020
Authored by Tavis Ormandy, Google Security Research

Avast suffers from an out-of-bounds copy vulnerability in Array.prototype.toString.

tags | exploit
MD5 | 59b15e0413a1cb080644249586af9699
Firefox Default Content Process DACL Sandbox Escape
Posted May 28, 2020
Authored by James Forshaw, Google Security Research

The Firefox content processes do not sufficiently lockdown access control which can result in a sandbox escape.

tags | exploit
advisories | CVE-2020-12388
MD5 | 1b90a8f7ec30889bdb9321cdf60bc14e
SecureCRT Memory Corruption
Posted May 15, 2020
Authored by Tavis Ormandy, Google Security Research

SecureCRT suffers from a memory corruption vulnerability in CSI functions.

tags | exploit
advisories | CVE-2020-12651
MD5 | e90a6d22c2cdbe99b5796b3c3e382581
Adobe DNG SDK Memory Corruption
Posted May 12, 2020
Authored by Google Security Research, mjurczyk

Adobe DNG SDK suffers from memory corruption and other crashes caused by malformed .dng images.

tags | exploit
MD5 | 8765bb50cd9ee3abccbc2fb01d8b87fe
Adobe DNG SDK dng_lossless_decoder::DecodeImage Out-Of-Bounds Read
Posted May 12, 2020
Authored by Google Security Research, mjurczyk

Adobe DNG SDK suffers from an out-of-bounds read that can lead to an arbitrary write vulnerability in dng_lossless_decoder::DecodeImage.

tags | exploit, arbitrary
MD5 | a7f302c6df4c350ca29113200164e83b
Chrome Typer::Visitor::TypeInductionVariablePhi Type Inference
Posted May 12, 2020
Authored by Google Security Research, Glazvunov, Tim Willis

Chrome suffers from a Typer::Visitor::TypeInductionVariablePhi type inference issue.

tags | exploit
MD5 | 293e69e50741f8cbad5283dac07b0c15
Linux 5.6 IORING_OP_MADVISE Race Condition
Posted May 8, 2020
Authored by Jann Horn, Google Security Research

Linux 5.6 has an issue with IORING_OP_MADVISE racing with coredumping.

tags | exploit
systems | linux
MD5 | 48173960a553b8ac2d2d1b4706631456
Linux futex+VFS Use-After-Free
Posted May 8, 2020
Authored by Jann Horn, Google Security Research

Linux futex+VFS suffers from an improper inode reference in get_futex_key() that causes a use-after-free if the superblock goes away.

tags | exploit
systems | linux
MD5 | b10f0f2bf1162cf416ade38ced936f86
Samsung Android Remote Code Execution
Posted May 8, 2020
Authored by Google Security Research, mjurczyk

Samsung Android suffers from multiple interaction-less remote code execution vulnerabilities as well as other remote access issues in the Qmage image codec built into Skia.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2020-8899
MD5 | 3f9f4d5bfc619d4b462f0ef931e31a05
Firefox js::ReadableStreamCloseInternal Out-Of-Bounds Access
Posted May 1, 2020
Authored by Google Security Research, Glazvunov

Firefox suffers from an out-of-bounds access vulnerability in js::ReadableStreamCloseInternal.

tags | exploit
advisories | CVE-2020-6806
MD5 | e4939c663c04ebd98c353cdec851448a
Chrome ReadableStream::Close Out-Of-Bounds Access
Posted Apr 28, 2020
Authored by Google Security Research, Glazvunov

Chrome suffers from an out-of-bounds access vulnerability in ReadableStream::Close.

tags | exploit
advisories | CVE-2020-6390
MD5 | 4c46f95d1539b549419377053d9c4c19
WebKit AudioArray::allocate Data Race / Out-Of-Bounds Access
Posted Apr 23, 2020
Authored by Google Security Research, Glazvunov

WebKit has a data race condition in AudioArray::allocate that can lead to out-of-bounds access.

tags | exploit
advisories | CVE-2020-3894
MD5 | c2a83f90664d44d8317ce95d7a23c445
WebRTC Layer Info Out-Of-Bounds Write
Posted Apr 23, 2020
Authored by Google Security Research, natashenka

WebRTC suffers from an out-of-bounds memory write in the method RtpFrameReferenceFinder::UpdateLayerInfoH264. This occurs when updating the layer info with the frame marking extension.

tags | exploit
MD5 | 8491bafa68aebbbeaeec3108e1ccc8fa
Chrome AudioArray::Allocate Data Race / Out-Of-Bounds Access
Posted Apr 23, 2020
Authored by Google Security Research, Glazvunov

Chrome suffers from an issue where a data race in AudioArray::Allocate can lead to out-of-bounds access.

tags | exploit
advisories | CVE-2020-6388
MD5 | 4fdac360982c541290848cba88dc91c7
WebRTC FEC Extension Processing Out-Of-Bounds Write
Posted Apr 23, 2020
Authored by Google Security Research, natashenka

When WebRTC processes a packet using FEC, it does not adequately check bounds when zeroing the video timing extension.

tags | exploit
MD5 | e7646bc10c00f9249d8d1cbc7ec9e677
haproxy hpack-tbl.c Out-Of-Bounds Write
Posted Apr 21, 2020
Authored by FX, Google Security Research

The haproxy hpack implementation in hpack-tbl.c handles 0-length HTTP headers incorrectly. This can lead to a fully controlled relative out-of-bounds write when processing a malicious HTTP2 request (or response).

tags | exploit, web
advisories | CVE-2020-11100
MD5 | ec4200ed138e11159b83e1a1d18ff6d3
Git Credential Helper Protocol Newline Injection
Posted Apr 15, 2020
Authored by FX, Google Security Research

A git clone action can leak cached / stored credentials for github.com to example.com due to insecure handling of newlines in the credential helper protocol.

tags | exploit, protocol
advisories | CVE-2020-5260
MD5 | c958ad3ac0a7a989d1f7f2c9f24fadb6
Microsoft Windows SE_SERVER_SECURITY Security Descriptor Owner Privilege Escalation
Posted Apr 15, 2020
Authored by James Forshaw, Google Security Research

In Microsoft Windows, by using the poorly documented SE_SERVER_SECURITY Control flag it is possible to set an owner different to the caller, bypassing security checks.

tags | exploit
systems | windows
MD5 | 5d3f5584e58e6901a002f9377a06e10b
Microsoft Windows NtFilterToken ParentTokenId Incorrect Setting Privilege Escalation
Posted Apr 15, 2020
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from an NtFilterToken ParentTokenId incorrect setting that allows for elevation of privileges.

tags | exploit
systems | windows
advisories | CVE-2020-0981
MD5 | 86b3a43f0e04663a4647981a2e122e3f
Linux Omitted TID Increment
Posted Apr 10, 2020
Authored by Jann Horn, Google Security Research

Linux has an issue where the SLUB bulk allocation slowpath omits a required TID increment.

tags | exploit
systems | linux
MD5 | b56ff43167ac1143eeafa23f56b39a25
Linux 5.3 Insecure Root Path Handling
Posted Apr 10, 2020
Authored by Jann Horn, Google Security Research

Linux versions 5.3 and above appear to have an issue where io_uring suffers from insecure handling of the root directory for path lookups.

tags | exploit, root
systems | linux
MD5 | cd4620f1e39d2b19219c64ba6facc1f3
ShaderCache Arbitrary File Creation / Privilege Escalation
Posted Mar 16, 2020
Authored by James Forshaw, Google Security Research

The shared ShaderCache directory can be exploited to create an arbitrary file on the file system leading to elevation of privilege.

tags | exploit, arbitrary
advisories | CVE-2020-0516
MD5 | b6ec5dd1ecead03cc6ab5a667386a03f
Chrome BlobURLStoreImpl::Register Site Isolation Bypass
Posted Mar 12, 2020
Authored by Google Security Research, Glazvunov

Chrome suffers from a site isolation bypass in BlobURLStoreImpl::Register.

tags | exploit
MD5 | 3e8dfcf917baeca2c7394db3b67aac13
Page 1 of 61
Back12345Next

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    15 Files
  • 4
    Jun 4th
    25 Files
  • 5
    Jun 5th
    8 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close