what you don't know can hurt you
Showing 1 - 25 of 1,436 RSS Feed

Files from Google Security Research

First Active2000-02-18
Last Active2019-11-11
Adobe Acrobat Reader DC For Windows Malformed OTF Font Uninitialized Pointer
Posted Nov 11, 2019
Authored by Google Security Research, mjurczyk

An issue exists where Adobe Acrobat Reader DC for Windows makes use of an uninitialized pointer due to a malformed OTF font (CFF table).

tags | exploit
systems | windows
advisories | CVE-2019-8196
MD5 | bae53b75b8cc138268f5e6384fcb5d63
Adobe Acrobat Reader DC For Windows Malformed JBIG2Globals Stream Uninitialized Pointer
Posted Nov 11, 2019
Authored by Google Security Research, mjurczyk

An issue exists with Adobe Acrobat Reader DC for Windows use of an uninitialized pointer due to malformed JBIG2Globals stream.

tags | exploit
systems | windows
advisories | CVE-2019-8195
MD5 | 2e0983da88e101353889315463cb5bd1
iMessage NSSharedKeyDictionary Decode Out-Of-Bounds Read
Posted Nov 11, 2019
Authored by saelo, Google Security Research

iMessage suffers from an issue where decoding NSSharedKeyDictionary can lead to out-of-bounds reads.

tags | advisory
advisories | CVE-2019-8746
MD5 | a2b5e05c79091ab5459b0ba4514324d3
iMessage NSSharedKeyDictionary Decode Incorrect Address Read
Posted Nov 11, 2019
Authored by saelo, Google Security Research

iMessage suffers from an issue where decoding NSSharedKeyDictionary can read an ObjC object at attacker controlled address.

tags | exploit
advisories | CVE-2019-8641, CVE-2019-8662
MD5 | 44b9493651f02f67170dee4980389e1a
Chrome Site Isolation Bypass / File Disclosure
Posted Nov 8, 2019
Authored by Google Security Research, Glazvunov

The Chrome Payment Handler API suffers from site isolation bypass and local file disclosure vulnerabilities.

tags | exploit, local, vulnerability
MD5 | a0e44b48eda93d22f89c1bb42d02f804
WebKit NodeRareData::m_connectedFrameCount Integer Overflow / UXSS / Type Confusion
Posted Nov 7, 2019
Authored by Google Security Research, Glazvunov

WebKit suffers from an integer overflow in NodeRareData::m_connectedFrameCount that can lead to universal cross site scripting and type confusion.

tags | exploit, overflow, xss
advisories | CVE-2019-8822
MD5 | ab1e8dd57e42d668deb196080d883ef1
XNU Missing Locking Race Condition
Posted Nov 5, 2019
Authored by Jann Horn, Google Security Research

XNU has an issue where missing locking in checkdirs_callback() enables a race condition with fchdir_common().

tags | exploit
MD5 | 85e06607829ab208006bfe5a5ef59847
WebKit JSObject::putInlineSlow / JSValue::putToPrimitive Universal XSS
Posted Nov 5, 2019
Authored by Google Security Research, Glazvunov

WebKit suffers from a universal cross site scripting vulnerability in JSObject::putInlineSlow and JSValue::putToPrimitive.

tags | exploit, xss
MD5 | 892e0418e043bd54adfbb3915904b063
JSC Argument Object Reconstruction Type Confusion
Posted Nov 5, 2019
Authored by saelo, Google Security Research

JSC suffers from a type confusion vulnerability during bailout when reconstructing arguments objects.

tags | exploit
advisories | CVE-2019-8820
MD5 | 6a4caa0c9a9e7558705c23bf516ebff4
JavaScriptCore GetterSetter Type Confusion
Posted Oct 30, 2019
Authored by saelo, Google Security Research

JavaScriptCore (JSC) GetterSetter suffers from a type confusion vulnerability during DFG compilation.

tags | exploit
advisories | CVE-2019-8765
MD5 | 63f1952a7a692ab451a162d31ee902ed
Microsoft Windows Insecure CSharedStream Object Privilege Escalation
Posted Oct 28, 2019
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from an insecure CSharedStream object privilege escalation vulnerability.

tags | exploit
systems | windows
MD5 | 687f585eaab9feeb5d38e13cc05c1c00
WebKit HTMLFrameElementBase::isURLAllowed Universal Cross Site Scripting
Posted Oct 28, 2019
Authored by Google Security Research, Glazvunov

WebKit suffers from an HTMLFrameElementBase::isURLAllowed universal cross site scripting vulnerability.

tags | exploit, xss
MD5 | ef966e699de1dd172f00de299de7c0a2
Adobe Acrobat Reader DC For Windows JP2 Stream Buffer Overflow
Posted Oct 16, 2019
Authored by Google Security Research, mjurczyk

Adobe Acrobat Reader DC for Windows suffers from a heap-based buffer overflow vulnerability that can be leveraged via malformed JP2 streams.

tags | exploit, overflow
systems | windows
advisories | CVE-2019-8197
MD5 | 6d502d5ca8f705d8234dd901fb623916
Visual Studio Code Remote Debugger Enabled
Posted Oct 11, 2019
Authored by Tavis Ormandy, Google Security Research

Visual Studio Code enables its remote debugger by default when installed.

tags | exploit, remote
MD5 | e2bed7919efd579b180ac1c498c16541
Microsoft Windows Kernel nt!MiRelocateImage Out-Of-Bounds Read
Posted Oct 10, 2019
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from an out-of-bounds read vulnerability in nt!MiRelocateImage while parsing a malformed PE file.

tags | exploit, kernel
systems | windows
advisories | CVE-2019-1347
MD5 | b11e264135a1ee9c14ee6d0a6b9be23a
Microsoft Windows Kernel CI!HashKComputeFirstPageHash Out-Of-Bounds Read
Posted Oct 10, 2019
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from an out-of-bounds read vulnerability in CI!HashKComputeFirstPageHash while parsing a malformed PE file.

tags | exploit, kernel
systems | windows
advisories | CVE-2019-1346
MD5 | 2b4d1890b1779ec523e266b0696a2645
Microsoft Windows Kernel nt!MiParseImageLoadConfig Out-Of-Bounds Read
Posted Oct 10, 2019
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from an out-of-bounds read in nt!MiParseImageLoadConfig while parsing a malformed PE file.

tags | exploit, kernel
systems | windows
advisories | CVE-2019-1345
MD5 | ed96bcdeedbf757ded338f82d7252f0d
Microsoft Windows Kernel CI!CipFixImageType Out-Of-Bounds Read
Posted Oct 10, 2019
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from an out-of-bounds read vulnerability in CI!CipFixImageType while parsing a malformed PE file.

tags | exploit, kernel
systems | windows
advisories | CVE-2019-1344
MD5 | 234236a84a29251053125f4a4e7b7d46
Microsoft Windows Kernel nt!MiOffsetToProtos NULL Pointer Dereference
Posted Oct 10, 2019
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a null pointer dereference vulnerability in nt!MiOffsetToProtos while parsing a malformed PE file.

tags | exploit, kernel
systems | windows
advisories | CVE-2019-1343
MD5 | 00131f510a52f3d940c140421ce76ea4
Microsoft Windows Kernel win32k.sys TTF Font Processing win32k!ulClearTypeFilter Pool Corruption
Posted Oct 10, 2019
Authored by Google Security Research, mjurczyk

Microsoft Windows Kernel suffers from a TTF font processing win32k!ulClearTypeFilter pool corruption vulnerability in win32k.sys.

tags | exploit, kernel
systems | windows
advisories | CVE-2019-1364
MD5 | 119f19b3c20bb86e4d4a2c8e4636479c
WebKit FrameLoader::clear Same-Origin Policy Bypass
Posted Oct 8, 2019
Authored by Google Security Research, Glazvunov

WebKit suffers from a same-origin policy bypass vulnerability in FrameLoader::clear.

tags | exploit, bypass
MD5 | 68c6220522a24fcd9a591457a3c19b6f
XNU Data Race Remote Double-Free
Posted Oct 7, 2019
Authored by Jann Horn, Google Security Research

XNU suffers from a remote double-free vulnerability due to a data race in IPComp input path.

tags | exploit, remote
advisories | CVE-2019-8717
MD5 | f107571d24ce915ad24992a19c351dc1
Signal Forced Call Acceptance
Posted Oct 5, 2019
Authored by Google Security Research, natashenka

There is a logic error in Signal that can cause an incoming call to be answered even if the callee does not pick it up.

tags | exploit
MD5 | cfd5f34a2c4720cf69df48f6e4d12c1c
Android Binder Driver Use-After-Free
Posted Oct 4, 2019
Authored by Google Security Research, Maddie Stone

Android suffers from a use-after-free vulnerability in the binder driver at /drivers/android/binder.c.

tags | exploit
advisories | CVE-2019-2215
MD5 | 0de8384215b8df385b050005e3962884
WebKit Cached Pages Universal Cross Site Scripting
Posted Oct 1, 2019
Authored by Google Security Research, Glazvunov

WebKit suffers from a universal cross site scripting vulnerability using cached pages.

tags | exploit, xss
MD5 | feb75421e7efde640b47418cf364c390
Page 1 of 58
Back12345Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close