Insecure TLS session reuse can lead to a hostname verification bypass in Node.js.
9bde5356a44eb307d096d404cbcdc1d0The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations (and vice versa) during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds accesses and potentially other memory safety violations.
0b1a6974a8c2118b0cb88077ae99fe29Avast suffers from an out-of-bounds copy vulnerability in Array.prototype.toString.
59b15e0413a1cb080644249586af9699The Firefox content processes do not sufficiently lockdown access control which can result in a sandbox escape.
1b90a8f7ec30889bdb9321cdf60bc14eSecureCRT suffers from a memory corruption vulnerability in CSI functions.
e90a6d22c2cdbe99b5796b3c3e382581Adobe DNG SDK suffers from memory corruption and other crashes caused by malformed .dng images.
8765bb50cd9ee3abccbc2fb01d8b87feAdobe DNG SDK suffers from an out-of-bounds read that can lead to an arbitrary write vulnerability in dng_lossless_decoder::DecodeImage.
a7f302c6df4c350ca29113200164e83bChrome suffers from a Typer::Visitor::TypeInductionVariablePhi type inference issue.
293e69e50741f8cbad5283dac07b0c15Linux 5.6 has an issue with IORING_OP_MADVISE racing with coredumping.
48173960a553b8ac2d2d1b4706631456Linux futex+VFS suffers from an improper inode reference in get_futex_key() that causes a use-after-free if the superblock goes away.
b10f0f2bf1162cf416ade38ced936f86Samsung Android suffers from multiple interaction-less remote code execution vulnerabilities as well as other remote access issues in the Qmage image codec built into Skia.
3f9f4d5bfc619d4b462f0ef931e31a05Firefox suffers from an out-of-bounds access vulnerability in js::ReadableStreamCloseInternal.
e4939c663c04ebd98c353cdec851448aChrome suffers from an out-of-bounds access vulnerability in ReadableStream::Close.
4c46f95d1539b549419377053d9c4c19WebKit has a data race condition in AudioArray::allocate that can lead to out-of-bounds access.
c2a83f90664d44d8317ce95d7a23c445WebRTC suffers from an out-of-bounds memory write in the method RtpFrameReferenceFinder::UpdateLayerInfoH264. This occurs when updating the layer info with the frame marking extension.
8491bafa68aebbbeaeec3108e1ccc8faChrome suffers from an issue where a data race in AudioArray::Allocate can lead to out-of-bounds access.
4fdac360982c541290848cba88dc91c7When WebRTC processes a packet using FEC, it does not adequately check bounds when zeroing the video timing extension.
e7646bc10c00f9249d8d1cbc7ec9e677The haproxy hpack implementation in hpack-tbl.c handles 0-length HTTP headers incorrectly. This can lead to a fully controlled relative out-of-bounds write when processing a malicious HTTP2 request (or response).
ec4200ed138e11159b83e1a1d18ff6d3A git clone action can leak cached / stored credentials for github.com to example.com due to insecure handling of newlines in the credential helper protocol.
c958ad3ac0a7a989d1f7f2c9f24fadb6In Microsoft Windows, by using the poorly documented SE_SERVER_SECURITY Control flag it is possible to set an owner different to the caller, bypassing security checks.
5d3f5584e58e6901a002f9377a06e10bMicrosoft Windows suffers from an NtFilterToken ParentTokenId incorrect setting that allows for elevation of privileges.
86b3a43f0e04663a4647981a2e122e3fLinux has an issue where the SLUB bulk allocation slowpath omits a required TID increment.
b56ff43167ac1143eeafa23f56b39a25Linux versions 5.3 and above appear to have an issue where io_uring suffers from insecure handling of the root directory for path lookups.
cd4620f1e39d2b19219c64ba6facc1f3The shared ShaderCache directory can be exploited to create an arbitrary file on the file system leading to elevation of privilege.
b6ec5dd1ecead03cc6ab5a667386a03fChrome suffers from a site isolation bypass in BlobURLStoreImpl::Register.
3e8dfcf917baeca2c7394db3b67aac13
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed