Chrome suffers from floating-point precision errors in Swiftshader blitting.
7b98d22e3cda5e01a29a389816481305Chrome suffers from a reference count leak in SwiftShader OpenGL texture bindings.
94c654dcb20a0856b832d97f6fed38a0Chrome suffers from an integer overflow vulnerability in Swiftshader texture allocation.
b3eb960cb7d3278d871332f5993c7d6cLinux/Ubuntu suffers from a vulnerability where other users' coredumps can be read via a setgid directory and killpriv bypass.
643a11ef1ca33c7ad1aef476e210c8b8macOS and iOS suffer from a javascript injection bug in OfficeImporter.
8a77e3c5cc05866fe394bdbf6a928d1bMicrosoft Edge Chakra JIT suffers from a type confusion vulnerability with hoisted SetConcatStrMultiItemBE instructions.
9b384b361e8b141c4703603f10a6db28Microsoft Edge Chakra JIT suffers from a bug. BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments and others into the new argument array and calls the actual function. The problem is, it doesn't care about the CallFlags_NewTarget flag which indicates that there's an extra argument (new.target) at the end of the argument array. So the size of the new argument array created with the CallFlags_NewTarget flag will be always 1 less then required, this leads to an out-of-bounds read.
2e11fd2e309888dfb033653d982fdc23Microsoft Edge Chakra JIT suffers from multiple out of bounds reads and writes.
b73c99e652b5ab40ccfdf43c9715573bChrome V8 suffers from a bug in KeyAccumulator that can cause a crash.
9fee601d9a1d2470bc41cfa501ef0dbcAndroid suffers from multiple race condition vulnerabilities in the media.metrics service.
06121632506dfafd6c92c75072b912b0When KVM (on Intel) virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM (which trigger a VM exit and are emulated by L0 KVM) are coming from ring 0.
52237ddbf09d9e8e93706408732deecfThe handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as system resulting in privilege escalation. This is because the fix for CVE-2018-0880 (MSRC case 42755) did not cover all similar cases which were reported at the same time in the issue.
0c6e9aac6eb44da88353cc69fbad521fThe activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account leading to creation of arbitrary object directories leading to privilege escalation.
832f197845675cc7fc23e2136754692cMicrosoft Windows 10 version 1709 suffers from a child process restriction mitigation bypass vulnerability.
14320128fadf9ab6d9bdc495b2999b56Google Chrome suffers from an integer overflow vulnerability when processing WebAssembly Locals.
aeb83fd88c3d4231411f5990050f821cWebKit suffers from an information leak vulnerability in WebAssembly Compilation.
8a7060e2844a92fb8c612af806907919Chrome V8 has an element confusion issue with PromiseAllResolveElementClosure.
e846e2172648f118d3f2ff6689c37c64WebKit suffers from a use-after-free vulnerability when resuming generator.
bbd278c835aea19f068ff64534828d6bWebRTC VP9 missing frame processing suffers from an out-of-bounds memory access vulnerability.
00cc61e87f0625b4254896a0155f9fc3WebRTC VP9 frame processing a suffers from an out-of-bounds memory access vulnerability.
706e2d1ce513062e5e894376a2bfe8e7The macOS and iOS kernels suffer from a heap overflow due to a lack of lower size check in getvolattrlist.
8bc2ddee4be107c0fed7f5978e377f2cThe XNU kernel suffers from a heap overflow vulnerability due to bad bounds checking in MPTCP.
449d61519abf2905830578f282b2544cThe macOS kernel suffers from a use-after-free vulnerability due to a lack of locking in the nvidia GeForce driver.
9df96b20c281d23bcd8105e681608b33Linux Kernel versions prior to 4.16.11 suffer from an ext4_read_inline_data() memory corruption vulnerability.
ef90cc76075cfbbd5c9ca92c6da53bebMicrosoft Edge Chakra suffers from an issue where EntrySimpleObjectSlotGetter can have side effects that cause a type confusion vulnerability.
ae691da69a6f584e9d6f3d6f325cc89e
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed