exploit the possibilities
Showing 51 - 75 of 1,504 RSS Feed

Files from Google Security Research

First Active2000-02-18
Last Active2020-06-25
libx264 H264 Conversion Out-Of-Bounds Write
Posted Feb 7, 2020
Authored by Google Security Research, natashenka

libx264 suffers from an out-of-bounds write when converting to H264.

tags | exploit
MD5 | a454ee0a3cf6ffcdaf4ffb1e2f6f1ea5
macOS ImageIO JPEG Out-Of-Bounds Write
Posted Feb 7, 2020
Authored by saelo, Google Security Research

ImageIO on macOS suffers from an issue where a heap out-of-bounds write occurs when processing JPEG images.

tags | exploit
advisories | CVE-2020-3827, CVE-2020-3870
MD5 | 97e1f93434c4368069b75479c4a0d5c6
macOS/iOS kern_stack_snapshot_internal() Userspace Share Issue
Posted Feb 7, 2020
Authored by Google Security Research, bazad

macOS and iOS suffer from an issue where kern_stack_snapshot_internal() shares non-zeroed kernel pages with userspace.

tags | exploit, kernel
systems | ios
advisories | CVE-2020-3875
MD5 | 9ba8ef3758b3008ca2cd79dcec2effb0
macOS/iOS ImageIO DDS Image Out-Of-Bounds Read
Posted Feb 7, 2020
Authored by saelo, Google Security Research

macOS and iOS suffer from an out-of-bounds read when processing DDS images with ImageIO.

tags | exploit
systems | ios
advisories | CVE-2020-3826
MD5 | 744a77b150f3b9b90f322d4ef38f096d
macOS / iOS ImageIO Heap Corruption
Posted Jan 27, 2020
Authored by saelo, Google Security Research

macOS and iOS suffers from an ImageIO heap corruption vulnerability when processing malformed TIFF images.

tags | exploit
systems | ios
MD5 | f09a3684b3b87ef878c518dc38922c1c
XNU vm_map_copy Insufficient Fix
Posted Jan 22, 2020
Authored by Google Security Research, ianbeer

An insufficient fix for CVE-2019-6205 means XNU vm_map_copy optimization which requires atomicity still is not atomic.

tags | exploit
advisories | CVE-2019-6205, CVE-2019-8833
MD5 | f8e6dfd4187cd8bfbcbdada394e14738
Android ashmem Read-Only Bypasses
Posted Jan 10, 2020
Authored by Jann Horn, Google Security Research

Android suffers from ashmem read-only bypass vulnerabilities via remap_file_pages() and ASHMEM_UNPIN.

tags | exploit, vulnerability
advisories | CVE-2020-0009
MD5 | 1ce1f492c6697220a1377f632e2b8f79
WeChat CAudioJBM::InputAudioFrameToJBM Memory Corruption
Posted Jan 10, 2020
Authored by Google Security Research, natashenka

There is a memory corruption vulnerability in audio processing during a voice call in WeChat. When an RTP packet is processed, there is a call to UnpacketRTP. This function decrements the length of the packet by 12 without checking that the packet has at least 12 bytes in it. This leads to a negative packet length. Then, CAudioJBM::InputAudioFrameToJBM will check that the packet size is smaller than the size of a buffer before calling memcpy, but this check (n < 300) does not consider that the packet length could be negative due to the previous error. This leads to an out-of-bounds copy.

tags | exploit
MD5 | d5e852c27b43a4bc7e13605282d84e25
FaceTime _RSU_DecodeByteBuffer Out-Of-Bounds Read
Posted Dec 20, 2019
Authored by Google Security Research, natashenka

FaceTime suffers from an out-of-bounds read vulnerability in _RSU_DecodeByteBuffer.

tags | exploit
advisories | CVE-2019-8830
MD5 | 77e7d5ed9577e8022d167f6d39eeded3
macOS Kernel wait_for_namespace_event() Race Condition / Use-After-Free
Posted Dec 18, 2019
Authored by Google Security Research, bazad

In the macOS kernel, the XNU function wait_for_namespace_event() in bsd/vfs/vfs_syscalls.c releases a file descriptor for use by userspace but may then subsequently destroy that file descriptor using fp_free(), which unconditionally frees the fileproc and fileglob. This opens up a race window during which the process could manipulate those objects while they're being freed. Exploitation requires root privileges.

tags | exploit, kernel, root
systems | bsd
MD5 | cba1e82afa4ec28fd0073d6cfded8a11
Linux sendmsg() Privilege Escalation
Posted Dec 16, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from a privilege escalation vulnerability via io_uring offload of sendmsg() onto kernel thread with kernel creds.

tags | exploit, kernel
systems | linux
advisories | CVE-2019-19241
MD5 | 7594e7ead982b1ba2cb61b42fa00ac35
Adobe Acrobat Reader DC For Windows Memory Corruption
Posted Dec 11, 2019
Authored by Google Security Research, mjurczyk

Adobe Acrobat Reader DC for Windows suffers from a heap-based memory corruption vulnerability due to malformed TTF font handling.

tags | exploit
systems | windows
advisories | CVE-2019-16451, CVE-2019-8042
MD5 | 758f99d981b49ec41d80325c4f847006
Grub2 grub2-set-bootflag Environment Corruption
Posted Nov 27, 2019
Authored by Tavis Ormandy, Google Security Research

Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.

tags | exploit
systems | linux, fedora
MD5 | 521fcef9f7dbf428929332a5f1ece053
Microsoft Internet Explorer Use-After-Free
Posted Nov 21, 2019
Authored by Ivan Fratric, Google Security Research

Microsoft Internet Explorer suffers from a use-after-free vulnerability in Script arguments during toJSON callback.

tags | exploit
advisories | CVE-2019-1429
MD5 | 9b1e32c7d5ecc6ef6b2e7b6e987d25b5
macOS update_dyld_shared_cache Privilege Escalation
Posted Nov 21, 2019
Authored by Jann Horn, Google Security Research

macOS suffers from an update_dyld_shared_cache privilege escalation vulnerability.

tags | exploit
MD5 | ccb563e2e8325980cd5cfa90ec74c416
iOS mediaserverd Integer Overflow Sandbox Escape
Posted Nov 15, 2019
Authored by Google Security Research, ianbeer

iOS suffers from a sandbox escape vulnerability due to an integer overflow in mediaserverd.

tags | exploit, overflow
systems | ios
MD5 | 2596a26960f328e0ae84af2d60d2f0d1
Ubuntu shiftfs refcount Underflow / Type Confusion
Posted Nov 14, 2019
Authored by Jann Horn, Google Security Research

Ubuntu suffers from refcount underflow and type confusion vulnerabilities in shiftfs.

tags | exploit, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-15793
MD5 | 0997e77626bf20fe372537310c94c69f
Ubuntu ubuntu-aufs-modified mmap_region() Refcounting Issue
Posted Nov 12, 2019
Authored by Jann Horn, Google Security Research

Ubuntu suffers from an issue where ubuntu-aufs-modified mmap_region() breaks refcounting in overlayfs/shiftfs error path.

tags | exploit
systems | linux, ubuntu
advisories | CVE-2019-15794
MD5 | dbc5f5b20329ede3b61e960c453e1e6a
Adobe Acrobat Reader DC For Windows Malformed OTF Font Uninitialized Pointer
Posted Nov 11, 2019
Authored by Google Security Research, mjurczyk

An issue exists where Adobe Acrobat Reader DC for Windows makes use of an uninitialized pointer due to a malformed OTF font (CFF table).

tags | exploit
systems | windows
advisories | CVE-2019-8196
MD5 | bae53b75b8cc138268f5e6384fcb5d63
Adobe Acrobat Reader DC For Windows Malformed JBIG2Globals Stream Uninitialized Pointer
Posted Nov 11, 2019
Authored by Google Security Research, mjurczyk

An issue exists with Adobe Acrobat Reader DC for Windows use of an uninitialized pointer due to malformed JBIG2Globals stream.

tags | exploit
systems | windows
advisories | CVE-2019-8195
MD5 | 2e0983da88e101353889315463cb5bd1
iMessage NSSharedKeyDictionary Decode Out-Of-Bounds Read
Posted Nov 11, 2019
Authored by saelo, Google Security Research

iMessage suffers from an issue where decoding NSSharedKeyDictionary can lead to out-of-bounds reads.

tags | advisory
advisories | CVE-2019-8746
MD5 | a2b5e05c79091ab5459b0ba4514324d3
iMessage NSSharedKeyDictionary Decode Incorrect Address Read
Posted Nov 11, 2019
Authored by saelo, Google Security Research

iMessage suffers from an issue where decoding NSSharedKeyDictionary can read an ObjC object at attacker controlled address.

tags | exploit
advisories | CVE-2019-8641, CVE-2019-8662
MD5 | 44b9493651f02f67170dee4980389e1a
Chrome Site Isolation Bypass / File Disclosure
Posted Nov 8, 2019
Authored by Google Security Research, Glazvunov

The Chrome Payment Handler API suffers from site isolation bypass and local file disclosure vulnerabilities.

tags | exploit, local, vulnerability
MD5 | a0e44b48eda93d22f89c1bb42d02f804
WebKit NodeRareData::m_connectedFrameCount Integer Overflow / UXSS / Type Confusion
Posted Nov 7, 2019
Authored by Google Security Research, Glazvunov

WebKit suffers from an integer overflow in NodeRareData::m_connectedFrameCount that can lead to universal cross site scripting and type confusion.

tags | exploit, overflow, xss
advisories | CVE-2019-8822
MD5 | ab1e8dd57e42d668deb196080d883ef1
XNU Missing Locking Race Condition
Posted Nov 5, 2019
Authored by Jann Horn, Google Security Research

XNU has an issue where missing locking in checkdirs_callback() enables a race condition with fchdir_common().

tags | exploit
MD5 | 85e06607829ab208006bfe5a5ef59847
Page 3 of 61
Back12345Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    8 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close