Showing 1 - 25 of 1,649

Files from Google Security Research

First Active: 2000-02-18
Last Active: 2022-01-24
XNU Kernel mach_msg Use-After-Free
Posted Jan 24, 2022
Authored by Google Security Research, ianbeer

The XNU kernel suffers from a use-after-free vulnerability in mach_msg.

tags | exploit, kernel
advisories | CVE-2021-30949
MD5 | eb1b8067af59bf13ac79b38151184bb3
Chrome IPC::ChannelAssociatedGroupController Memory Corruption
Posted Jan 13, 2022
Authored by Google Security Research, Glazvunov

Chrome suffers from a memory corruption vulnerability in IPC::ChannelAssociatedGroupController due to interface ID reuse.

tags | exploit
advisories | CVE-2021-4098
MD5 | 97649e149f12ef8107db4bccd41ca04b
Microsoft Windows EFSRPC Arbitrary File Upload / Privilege Escalation
Posted Jan 13, 2022
Authored by James Forshaw, Google Security Research

The EFSRPC service on Microsoft Windows Server versions 2019 and 2022 does not prevent a caller specifying a local device path allowing any authenticated user to upload arbitrary files to a server.

tags | exploit, arbitrary, local
systems | windows
advisories | CVE-2021-43893
MD5 | afc6cc4bf0749f217e9277351f3b9e94
Apple ColorSync Out-Of-Bounds Read
Posted Jan 13, 2022
Authored by Google Security Research, mjurczyk

Apple ColorSync suffers from out-of-bounds read vulnerabilities due to integer overflows in curve table initialization.

tags | exploit, overflow, vulnerability
systems | apple
advisories | CVE-2021-30942
MD5 | 84c5799cdeb17422cda00d47aa2a035e
Linux Garbage Collection Memory Corruption
Posted Jan 10, 2022
Authored by Jann Horn, Google Security Research

Linux suffers from a garbage collection memory corruption vulnerability by resurrecting a file reference through RCU.

tags | exploit
systems | linux
advisories | CVE-2021-4083
MD5 | 78b6ea0bece0d083ab283dbd9b1ddddc
Chrome storage::BlobURLStoreImpl::Revoke Heap Use-After-Free
Posted Jan 7, 2022
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap use-after-free vulnerability in storage::BlobURLStoreImpl::Revoke.

tags | exploit
advisories | CVE-2021-4057
MD5 | 9508eb34d70ae4744377e65d5887e0f3
XNU inm_merge Heap Use-After-Free
Posted Jan 6, 2022
Authored by Google Security Research, Glazvunov

XNU suffers from a heap use-after-free vulnerability in inm_merge.

tags | exploit
advisories | CVE-2021-30937
MD5 | 3ec63d1165d612be123d24c26b9e5ca0
Zoom MMR Server Information Leak
Posted Jan 3, 2022
Authored by Google Security Research, natashenka

Zoom suffers from an information leak vulnerability in the MMR server.

tags | exploit
advisories | CVE-2021-34424
MD5 | a1a7ee497b8b7df8379e96cb3d4ae80a
Zoom Chat Message Processing Buffer Overflow
Posted Jan 3, 2022
Authored by Google Security Research, natashenka

Zoom suffers from a buffer overflow vulnerability related to the processing of chat messages.

tags | exploit, overflow
advisories | CVE-2021-34423
MD5 | e546f41250fa0f94c7fcc6018501de40
Android VM_MAYWRITE Access To Shared Zygote JIT Mapping
Posted Dec 17, 2021
Authored by Jann Horn, Google Security Research

This bug report describes a vulnerability in ART that allows normal applications to insert arbitrary code into unused executable memory in zygote and other applications.

tags | exploit, arbitrary
advisories | CVE-2021-0959
MD5 | 8485539d964fd35ecf94557cacb68903
Google OSS Fuzz
Posted Dec 17, 2021
Authored by Google Security Research | Site google.github.io

Google's OSS Fuzz tool aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution.

tags | tool, fuzzer
MD5 | fef4e50268b784c684435d940f079c7e
Chrome NavigationPreloadRequest Site Isolation Bypass
Posted Dec 16, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a site isolation bypass vulnerability in NavigationPreloadRequest.

tags | exploit, bypass
advisories | CVE-2021-38010
MD5 | 79cec0e9bbab06da069bc3e1a41127e4
Chrome ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread Heap Use-After-Free
Posted Dec 16, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap use-after-free vulnerability in ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread.

tags | exploit
advisories | CVE-2021-38005
MD5 | 970ce6283c7d9f02e474b4ef93003566
Chrome blink::NativeIOFile::DoRead Heap Use-After-Free
Posted Dec 16, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap use-after-free vulnerability in blink::NativeIOFile::DoRead.

tags | exploit
advisories | CVE-2021-38006
MD5 | e51b3f4d20f95cd97c31e2cfc01a4df7
runc / libcontainer Bind Mount Sources Insecure Handling
Posted Dec 6, 2021
Authored by Google Security Research, Felix Wilhelm

The recent commit #9c4440 introduces two vulnerabilities to libcontainer that can be exploited by an attacker with partial control over the bind mount sources of a new container.

tags | exploit, vulnerability
advisories | CVE-2021-43784
MD5 | 7de968fb3e742581314cf7629bfd1f9c
Android vold Unsafe Mounting
Posted Dec 2, 2021
Authored by Jann Horn, Google Security Research

The incremental-fs APIs of Android's vold trust paths supplied by system_server for mounting. There is supposed to be privilege separation between vold (TCB) and system_server (privileged process). However, vold's IPC handlers related to incremental-fs (mountIncFs, unmountIncFs, bindMount) allow system_server to specify semi-arbitrary paths, letting system_server trigger mounting on directories that should not be under system_server control.

tags | exploit, arbitrary
advisories | CVE-2022-20002
MD5 | 28fb6ce55ef07cbdb3ed3c6e2997f68d
NSS Signature Validation Memory Corruption
Posted Dec 1, 2021
Authored by Tavis Ormandy, Google Security Research

NSS (Network Security Services), the Mozilla project's cross-platform security library, suffers from a memory corruption flaw when validating ECDSA signatures.

tags | exploit
advisories | CVE-2021-43527
MD5 | 5166911d2f1f55ae05e8bf3fb9914042
Apple ColorSync CMMNDimLinear::Interpolate Uninitialized Memory
Posted Nov 24, 2021
Authored by Google Security Research, mjurczyk

Apple ColorSync suffers from a use of uninitialized memory in CMMNDimLinear::Interpolate.

tags | exploit
systems | apple
advisories | CVE-2021-30917
MD5 | adb6e755eddd6edbb2599dcfeeefff61
Samsung NPU (Neural Processing Unit) Memory Corruption
Posted Nov 23, 2021
Authored by Google Security Research, hawkes

Samsung NPU (Neural Processing Unit) suffers from a memory corruption vulnerability in shared memory parsing.

tags | exploit
MD5 | 6afdb4402bb5a568057a8d66184fffac
KVM SVM Out-Of-Bounds Read/Write
Posted Nov 22, 2021
Authored by Google Security Research, Felix Wilhelm

A KVM guest using SEV-ES (Secure Encrypted Virtualization - Encrypted State) can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT using the exit reason SVM_EXIT_IOIO.

tags | advisory, kernel
MD5 | 24767f69b195bc395343e5e0783896f5
Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free
Posted Nov 18, 2021
Authored by Jann Horn, Google Security Research

Linux suffered from a use-after-free read vulnerability related to an SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()). This has been addressed in stable versions 5.14.10, 5.10.71, 5.4.151, 4.19.209, 4.14.249, 4.4.288, and 4.9.286.

tags | exploit
systems | linux
MD5 | 814de16a8e850b47ecca6eb0680d6e00
Microsoft Windows WSAQuerySocketSecurity AppContainer Privilege Escalation
Posted Nov 11, 2021
Authored by James Forshaw, Google Security Research

The WSAQuerySocketSecurity API returns full anonymous impersonation tokens for connected peers in an AppContainer leading to a sandbox escape.

tags | exploit
advisories | CVE-2021-40476
MD5 | ade1ded7ab08f8d11cd681665642d7ea
Android NFC Type Confusion
Posted Oct 29, 2021
Authored by Google Security Research, nedwill

Android NFC suffers from a type confusion vulnerability due to a race condition during a tag type change.

tags | exploit
advisories | CVE-2021-0870
MD5 | 494a9f73dba12ce43174446f59b9df77
Linux SELinux PTRACE_TRACEME Handler Use-After-Free
Posted Oct 26, 2021
Authored by Jann Horn, Google Security Research

Linux suffers from a use-after-free read in the SELinux handler for PTRACE_TRACEME.

tags | exploit
systems | linux
MD5 | afc595f0a0d266cd0be01d4bd803c343
Windows IKEEXT AuthIP Unvalidated GSS_ID Privilege Escalation
Posted Oct 22, 2021
Authored by James Forshaw, Google Security Research

The Windows IKEEXT service does not verify the SPN when performing AuthIP authentication leading to leaking authentication tokens to untrusted systems.

tags | exploit
systems | windows
MD5 | 19bf4133c3ff6d58a5febb0a150ebaf7
Page 1 of 66

© 2020 Packet Storm. All rights reserved.