
Files from Google Security Research

First Active: 2000-02-18
Last Active: 2021-11-24
Apple ColorSync CMMNDimLinear::Interpolate Uninitialized Memory
Posted Nov 24, 2021
Authored by Google Security Research, mjurczyk

Apple ColorSync suffers from a use of uninitialized memory in CMMNDimLinear::Interpolate.

tags | exploit
systems | apple
advisories | CVE-2021-30917
MD5 | adb6e755eddd6edbb2599dcfeeefff61
Samsung NPU (Neural Processing Unit) Memory Corruption
Posted Nov 23, 2021
Authored by Google Security Research, hawkes

Samsung NPU (Neural Processing Unit) suffers from a memory corruption vulnerability in shared memory parsing.

tags | exploit
MD5 | 6afdb4402bb5a568057a8d66184fffac
KVM SVM Out-Of-Bounds Read/Write
Posted Nov 22, 2021
Authored by Google Security Research, Felix Wilhelm

A KVM guest using SEV-ES (Secure Encrypted Virtualization - Encrypted State) can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT using the exit reason SVM_EXIT_IOIO.

tags | advisory, kernel
MD5 | 24767f69b195bc395343e5e0783896f5
Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free
Posted Nov 18, 2021
Authored by Jann Horn, Google Security Research

Linux suffered from a use-after-free read vulnerability related to an SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()). This has been addressed in stable versions 5.14.10, 5.10.71, 5.4.151, 4.19.209, 4.14.249, 4.4.288, and 4.9.286.

tags | exploit
systems | linux
MD5 | 814de16a8e850b47ecca6eb0680d6e00
Microsoft Windows WSAQuerySocketSecurity AppContainer Privilege Escalation
Posted Nov 11, 2021
Authored by James Forshaw, Google Security Research

The WSAQuerySocketSecurity API returns full anonymous impersonation tokens for connected peers in an AppContainer, leading to a sandbox escape.

tags | exploit
advisories | CVE-2021-40476
MD5 | ade1ded7ab08f8d11cd681665642d7ea
Android NFC Type Confusion
Posted Oct 29, 2021
Authored by Google Security Research, nedwill

Android NFC suffers from a type confusion vulnerability due to a race condition during a tag type change.

tags | exploit
advisories | CVE-2021-0870
MD5 | 494a9f73dba12ce43174446f59b9df77
Linux SELinux PTRACE_TRACEME Handler Use-After-Free
Posted Oct 26, 2021
Authored by Jann Horn, Google Security Research

Linux suffers from a use-after-free read in the SELinux handler for PTRACE_TRACEME.

tags | exploit
systems | linux
MD5 | afc595f0a0d266cd0be01d4bd803c343
Windows IKEEXT AuthIP Unvalidated GSS_ID Privilege Escalation
Posted Oct 22, 2021
Authored by James Forshaw, Google Security Research

The Windows IKEEXT service does not verify the SPN when performing AuthIP authentication, which leads to authentication tokens being leaked to untrusted systems.

tags | exploit
systems | windows
MD5 | 19bf4133c3ff6d58a5febb0a150ebaf7
WebKit DOMWindow::open Heap Use-After-Free
Posted Oct 14, 2021
Authored by Google Security Research, Glazvunov

WebKit suffers from a heap use-after-free vulnerability in DOMWindow::open.

tags | exploit
advisories | CVE-2021-30849
MD5 | fcb529386a430d5c97cf9addb3eafc75
WebKit EventHandler::keyEvent Heap Use-After-Free
Posted Oct 14, 2021
Authored by Google Security Research, Glazvunov

WebKit suffers from a heap use-after-free vulnerability in EventHandler::keyEvent.

tags | exploit
advisories | CVE-2021-30848
MD5 | 0f7868eaf28b9a9f6b987cd467e31156
WebKit PointerCaptureController::processPendingPointerCapture Heap Use-After-Free
Posted Oct 14, 2021
Authored by Google Security Research, Glazvunov

WebKit suffers from a heap use-after-free vulnerability in PointerCaptureController::processPendingPointerCapture.

tags | exploit
advisories | CVE-2021-30846
MD5 | 85982c0cc7c08c6c433738b10d8364c7
Chrome HRTFDatabaseLoader::WaitForLoaderThreadCompletion Data Race
Posted Sep 22, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a data race condition in HRTFDatabaseLoader::WaitForLoaderThreadCompletion.

tags | exploit
advisories | CVE-2021-30603
MD5 | 0aaadc59ac484d75a50e47a84bef9a4b
Internet Explorer JIT Optimization Memory Corruption
Posted Sep 10, 2021
Authored by Ivan Fratric, Google Security Research

Internet Explorer suffers from an issue where incorrect JIT optimization in jscript9.dll leads to memory corruption.

tags | exploit
advisories | CVE-2021-34480
MD5 | cfe73c3966a4fda1a054c3bbf8b40ca9
WebKit Element::dispatchMouseEvent Heap Use-After-Free
Posted Aug 19, 2021
Authored by Google Security Research, Glazvunov

WebKit suffers from a heap use-after-free vulnerability in Element::dispatchMouseEvent.

tags | exploit
advisories | CVE-2021-30799
MD5 | 00ae9f727423a384d7b2d0f6cc4fee8d
JavaScriptCore Crash Proof Of Concept
Posted Aug 19, 2021
Authored by Ivan Fratric, Google Security Research

JavaScriptCore suffers from a crash condition due to an uninitialized register in slow_path_profile_catch. Proof of concept that affects Safari is included.

tags | exploit, proof of concept
advisories | CVE-2021-30797
MD5 | e71c83e4865ffd73fb78888a127c18ef
WebKit WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy Heap Use-After-Free
Posted Aug 19, 2021
Authored by Google Security Research, Glazvunov

WebKit suffers from a heap use-after-free vulnerability in WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy.

tags | exploit
advisories | CVE-2021-30795
MD5 | d78ada391f19ec5a1e1fe4607e66e169
Chrome JS WasmJs::InstallConditionalFeatures Object Corruption
Posted Aug 16, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a JS object corruption vulnerability in WasmJs::InstallConditionalFeatures.

tags | exploit
advisories | CVE-2021-30561
MD5 | 82306f20d8e71a874d0ad3ab78e2655a
Microsoft Windows Malicious Software Removal Tool Privilege Escalation
Posted Aug 9, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from unsafe temporary directory use with the Malicious Software Removal Tool that can lead to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2007-0843, CVE-2015-2418
MD5 | 5aed3041b0a73a2779b0e3f52d9274ad
Microsoft Exchange AD Schema Misconfiguration Privilege Escalation
Posted Jul 29, 2021
Authored by James Forshaw, Google Security Research

The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object, including users, groups or domain trusts, leading to elevation of privilege.

tags | exploit
advisories | CVE-2021-34470
MD5 | 5f885a87a9be3f10bfe9e9e4c08c923c
Microsoft Windows WFP Default Rules AppContainer Capability Bypass Privilege Escalation
Posted Jul 20, 2021
Authored by James Forshaw, Google Security Research

The default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities, leading to elevation of privilege.

tags | exploit, tcp
MD5 | 37069deaf47980f1a4c39f62bc13ce25
Tor Half-Closed Connection Stream Confusion
Posted Jul 15, 2021
Authored by Jann Horn, Google Security Research

Tor suffers from an issue where half-closed connection tracking ignores layer_hint. As a result, entry/middle relays can spoof RELAY_END cells on half-closed streams, which can lead to stream confusion between OP and exit.

tags | exploit, spoof
advisories | CVE-2021-34548
MD5 | e8e6c45ee71383e0832c1cb3f3a8c903
Microsoft Windows CreateProcessWithLogon Write Restricted Service Privilege Escalation
Posted Jul 14, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has an issue where you can use the CreateProcessWithLogon API to escape a write restricted service and achieve full write access as the service user.

tags | exploit
systems | windows
MD5 | 00f7a019dea4bf3a1d19442fae579890
XNU Network Stack Kernel Heap Overflow
Posted Jul 14, 2021
Authored by Google Security Research, ianbeer

XNU suffers from a network stack kernel heap overflow due to an out-of-bounds memmove in 6lowpan. Proof of concept code included.

tags | exploit, overflow, kernel, proof of concept
advisories | CVE-2020-9967, CVE-2021-30736
MD5 | 9333b7751aa7686ac0ca4c62a49c3d4e
MpEngine ASProtect Embedded Runtime DLL Memory Corruption
Posted Jul 8, 2021
Authored by Tavis Ormandy, Google Security Research

ASProtect embeds a runtime DLL that is susceptible to memory corruption. Crash testcase provided.

tags | exploit
advisories | CVE-2021-31985
MD5 | c5dfe0f9444bf0d36677505f5db2acdc
KVM nested_svm_vmrun Double Fetch
Posted Jun 30, 2021
Authored by Google Security Research, Felix Wilhelm

A KVM guest on AMD can launch an L2 guest without the Intercept VMRUN control bit by exploiting a TOCTOU vulnerability in nested_svm_vmrun. Executing vmrun from the L2 guest will then trigger a second call to nested_svm_vmrun and corrupt svm->nested.hsave with data copied out of the L2 vmcb. For kernel versions that include the commit "2fcf4876: KVM: nSVM: implement on demand allocation of the nested state" (>=5.10), the guest can free the MSR permission bit in svm->nested.msrpm while it is still in use and gain unrestricted access to host MSRs.

tags | exploit, kernel
advisories | CVE-2021-29657
MD5 | 814987fd3e7902c83f77c7f4aa4a3585
© 2020 Packet Storm. All rights reserved.