Twenty Year Anniversary
Showing 1 - 25 of 1,147 RSS Feed

Files from Google Security Research

First Active2000-02-18
Last Active2018-09-20
WebRTC VP9 Processing Use-After-Free
Posted Sep 20, 2018
Authored by Google Security Research, natashenka

There is a use-after-free vulnerability in VP9 processing in WebRTC.

tags | exploit
advisories | CVE-2018-16071
MD5 | 46a569d07b8a5affa552ca7aa5867a06
WebRTC FEC Out-Of-Bounds Read
Posted Sep 20, 2018
Authored by Google Security Research, natashenka

There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.

tags | exploit
advisories | CVE-2018-16083
MD5 | f5cc50595786ed774a0112b7002d39e0
Microsoft Windows NtEnumerateKey Privilege Escalation
Posted Sep 19, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a double dereference in NtEnumerateKey that leads to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2018-8410
MD5 | 4f74d58bd627bf009b466bba6d3ced66
Microsoft Windows CiSetFileCache TOCTOU Security Feature Bypass
Posted Sep 19, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a CiSetFileCache TOCTOU CVE-2017-11830 variant WDAC security feature bypass vulnerability.

tags | exploit, bypass
systems | windows
advisories | CVE-2017-11830, CVE-2018-8449
MD5 | ec7d5c98907d960bda7e631701207804
Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion
Posted Sep 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a type confusion vulnerability with PathTypeHandlerBase::SetAttributesHelper.

tags | exploit
advisories | CVE-2018-8384
MD5 | 5bdea5cae9762e60edfaa8a268f78dbb
Microsoft Edge Chakra JIT localeCompare Type Confusion
Posted Sep 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability in localeCompare.

tags | exploit
advisories | CVE-2018-8355
MD5 | f4b3619f1626d973adb28bf93ce037e3
Linux dmesg Arbitrary Kernel Read
Posted Sep 13, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from an arbitrary kernel read into dmesg via a missing address check in the segfault handler.

tags | advisory, arbitrary, kernel
systems | linux
MD5 | 06e9283f3dd8c10929847de0f7b403d2
Chrome OS gRPC garcon Command Execution
Posted Sep 13, 2018
Authored by Jann Horn, Google Security Research

There is a variety of RPC communication channels between the Chrome OS host system and the crosvm guest. This bug report focuses on communication on TCP port 8889, which is used by the "garcon" service. garcon uses gRPC, which is an RPC protocol that sends protobufs over plaintext HTTP/2. (Other system components communicate with the VM over gRPC-over-vsock, but garcon uses gRPC-over-TCP.) For some command types, the TCP connection is initiated by the host; for others, it is initiated by the guest. Both guest and host are listening on [::]:8889; however, the iptables rules of the host prevent an outside host from simply connecting to those sockets. However, apps running on the host are not affected by such restrictions.

tags | exploit, web, tcp, protocol
MD5 | aff1ab159e8069bed85cefa1dff66810
Android Privilege Escalation
Posted Sep 11, 2018
Authored by Jann Horn, Google Security Research

Android suffers from a privilege escalation vulnerability in zygote that can be leveraged by CVE-2018-9445.

tags | exploit
advisories | CVE-2018-9445, CVE-2018-9488
MD5 | ab958bdb52ab9f8d11c64fe093731380
Linux Insufficient Shootdown For Paging-Structure Caches
Posted Sep 11, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from an insufficient shootdown for paging-structure caches.

tags | exploit
systems | linux
MD5 | 8c0d36eab2a0b162e885643f73377706
gVisor Sentry Invalid Access
Posted Aug 31, 2018
Authored by Jann Horn, Google Security Research

gVisor Sentry permits access to the renameat() syscall. As the sentry is not chrooted, it permits renaming files in the host system.

tags | advisory
MD5 | 82846292495d155d34683eb88e13fade
Linux reiserfs listxattr_filler() Heap Overflow
Posted Aug 31, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from a reiserfs listxattr_filler() heap overflow vulnerability.

tags | exploit, overflow
systems | linux
MD5 | 32f35281c7d063fa006860df2819530e
Wayland wl_connection_demarshal() Out-Of-Bounds Memory Access
Posted Aug 28, 2018
Authored by Jann Horn, Google Security Research

Wayland suffers from an out-of-bounds memory access vulnerability in wl_connection_demarshal() on 32-bit systems.

tags | exploit
MD5 | d6df3a560088b2c39f11b2f8dc3a2c2d
Microsoft Windows JScript RegExp.lastIndex Use-After-Free
Posted Aug 28, 2018
Authored by Ivan Fratric, Google Security Research

There is a use-after-free vulnerability in jscript.dll related to how the lastIndex property of a RegExp object is handled. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network. The vulnerability has been reproduced on multiple Windows versions with the most recent patches applied.

tags | exploit, local
systems | windows
advisories | CVE-2018-8353
MD5 | b2cf3dec9e5bd796bccbeb593fafdabd
Adobe Flash AVC Processing Out Of Bounds Read
Posted Aug 24, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from an out-of-bounds read vulnerability during AVC processing.

tags | exploit
advisories | CVE-2018-12827
MD5 | 542426b18d0d3fbe815b6571db42555f
Ghostscript Command Execution / File Disclosure / Memory Corruption
Posted Aug 23, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from file disclosure, shell command execution, memory corruption, and type confusion bugs.

tags | exploit, shell
MD5 | 1bbaaab44336f199ff5bab7ea5351935
Linux percpu Race Condition
Posted Aug 23, 2018
Authored by Jann Horn, Google Security Research

Race conditions exist on percpu refcounts on struct mount.

tags | exploit
MD5 | 2431157d4031096f9869974723e0f6f4
Xen xen-netback xenvif_set_hash_mapping Integer Overflow
Posted Aug 17, 2018
Authored by Felix Wilhelm, Google Security Research

Xen suffers from an integer overflow vulnerability in xen-netback xenvif_set_hash_mapping.

tags | advisory, overflow
MD5 | 056a37f9c265e3d9566b012c2ea95423
Microsoft Edge Chakra InitializeNumberFormat / InitializeDateTimeFormat Type Confusion
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

The InitializeNumberFormat function in Intl.js is used to initialize an Intl.NumberFormat object, and InitializeDateTimeFormat is used for an Intl.DateTimeFormat object. There are two versions of each initializer. One is for WinGlob and the other is for ICU. The problem is that the versions for ICU don't check whether the given object has been initialized. This allows to initialize the same object multiple times which can lead to type confusion.

tags | exploit
advisories | CVE-2018-8298
MD5 | 1b3261f5867fe61b3069b230e5d96d54
Microsoft Edge Chakra JIT InlineArrayPush Type Confusion
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with InlineArrayPush.

tags | exploit
MD5 | 10eb2bef76e9e5e5df10028a6b00b0b7
Microsoft Edge Chakra DictionaryPropertyDescriptor::CopyFrom Failed Copy
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra has an issue where DictionaryPropertyDescriptor::CopyFrom does not copy all fields.

tags | exploit
advisories | CVE-2018-8291
MD5 | 58ac89a215bdcc730aeb2f04f26ab26d
Microsoft Edge Chakra Parameter Scope Parsing Bug
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a parameter scope parsing bug.

tags | exploit
advisories | CVE-2018-8279
MD5 | 8b8b33096fd8de5b5ebbe8619cff7a64
Microsoft Edge Chakra JIT ImplicitCallFlags Check Bypass
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from an ImplicitCallFlags check bypass vulnerability with Intl.

tags | exploit, bypass
advisories | CVE-2018-8288
MD5 | b06d81dae646fb997c8078d09c0343ba
Google Android USB Directory Traversal
Posted Aug 13, 2018
Authored by Jann Horn, Google Security Research

Android suffers from a directory traversal vulnerability leveraged over USB via injection in blkid output.

tags | exploit
advisories | CVE-2018-9445
MD5 | 54330565924c07e00a436420e71adec0
cgit cgit_clone_objects() Directory Traversal
Posted Aug 6, 2018
Authored by Jann Horn, Google Security Research

cgit suffers from a directory traversal vulnerability in cgit_clone_objects().

tags | exploit
advisories | CVE-2018-14912
MD5 | f306e9c0fb056a4bc0fe47e73bb69b90
Page 1 of 46
Back12345Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    2 Files
  • 23
    Sep 23rd
    2 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    30 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close