Showing 76 - 100 of 1,649

Files from Google Security Research

First Active: 2000-02-18
Last Active: 2022-01-24
Microsoft Windows Containers AppSilo Object Manager Privilege Escalation
Posted Mar 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has an issue with containers where the kernel chooses the wrong silo when looking up the root object manager directory, leading to elevation of privilege.

tags | exploit, kernel, root
systems | windows
advisories | CVE-2021-26865
MD5 | d249fdb9dab1efdef449b7c32504cdc9
Microsoft Windows WindowsCodecsRaw!COlympusE300LoadRaw Out-Of-Bounds Write
Posted Mar 9, 2021
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds write vulnerability in WindowsCodecsRaw.dll in the COlympusE300LoadRaw::olympus_e300_load_raw function that can be triggered by parsing a crafted Olympus E300 raw image with Windows Imaging Component (WIC). The vulnerability has been reproduced on Windows 10 64-bit with the most recent patches applied.

tags | exploit
systems | windows
advisories | CVE-2021-24091
MD5 | 815147d984fdba3d24de7e30eaacb8fb
Package Control Arbitrary File Write
Posted Feb 26, 2021
Authored by Google Security Research, Felix Wilhelm

Package Control suffers from an arbitrary file write vulnerability.

tags | exploit, arbitrary
MD5 | fc1001c8bbe8a7cae533f770aa149604
Microsoft DirectWrite fsg_ExecuteGlyph Buffer Overflow
Posted Feb 26, 2021
Authored by Google Security Research, mjurczyk

Microsoft DirectWrite suffers from a heap-based buffer overflow vulnerability in fsg_ExecuteGlyph while processing variable TTF fonts.

tags | exploit, overflow
advisories | CVE-2021-24093
MD5 | 2de67da6a3c68e4e7554e5dc2ee4743e
Chrome DataElement Out-Of-Bounds Read
Posted Feb 26, 2021
Authored by Google Security Research, Mark Brand

Chrome suffers from an out-of-bounds read vulnerability in network DataElement struct traits.

tags | exploit
advisories | CVE-2020-16041
MD5 | 73c96566e94e07ed3318c4a92b7a01b4
Microsoft Windows Server Silo Registry Key Symbolic Link Privilege Escalation
Posted Feb 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has a privilege escalation vulnerability. When a process is running in a server silo, the checks for trusted hive registry key symbolic links are disabled, leading to elevation of privilege.

tags | exploit, registry
systems | windows
advisories | CVE-2021-24096
MD5 | 91697f9020080e5254805aa5e5e1cc57
Chrome ClipboardWin::WriteBitmap Heap Buffer Overflow
Posted Feb 9, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap buffer overflow in ClipboardWin::WriteBitmap.

tags | exploit, overflow
advisories | CVE-2020-16025
MD5 | e662c8bbb6a52764c274f15d1f509097
Chrome SkBitmapOperations::UnPreMultiply Heap Buffer Overflow
Posted Feb 9, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap buffer overflow vulnerability in SkBitmapOperations::UnPreMultiply.

tags | exploit, overflow
advisories | CVE-2020-16024
MD5 | 32c9b241209db64702e60f06a67675c4
Apple CoreText libType1Scaler.dylib Out-Of-Bounds Write / Integer Overflow
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libType1Scaler.dylib suffers from a heap out-of-bounds-write due to an integer overflow vulnerability in STOREWV othersubr.

tags | exploit, overflow
systems | apple
advisories | CVE-2020-27944
MD5 | b33deb9c9fd77bb9f85fcccf5c952979
Apple CoreText libFontParser.dylib Stack Corruption
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libFontParser.dylib suffers from a stack corruption vulnerability in the handling of /BlendDesignPositions Type 1 objects.

tags | exploit
systems | apple
advisories | CVE-2020-0938, CVE-2020-29624
MD5 | c178252e4ec3ca797a19785947f03896
Apple CoreText libType1Scaler.dylib Buffer Overflow
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libType1Scaler.dylib suffers from a heap buffer overflow vulnerability in the Counter Control Hints.

tags | exploit, overflow
systems | apple
advisories | CVE-2020-27943
MD5 | c4ea7a179bb02915471d29ae7a729d9e
Apple CoreText libType1Scaler.dylib Memory Disclosure
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libType1Scaler.dylib suffers from a memory disclosure vulnerability via an uninitialized transient array.

tags | exploit
systems | apple
advisories | CVE-2020-27946
MD5 | 58a55471b1e336a6f7a00a43543274c3
XNU Kernel Mach Message Trailers Memory Disclosure
Posted Feb 5, 2021
Authored by Google Security Research, ianbeer

The XNU kernel suffers from a memory disclosure vulnerability in mach message trailers.

tags | exploit, kernel
advisories | CVE-2020-27950
MD5 | fd485ea94f3d1c1a1348a97feddde88b
XNU Kernel Turnstiles Type Confusion
Posted Feb 5, 2021
Authored by Google Security Research, ianbeer

The XNU kernel suffers from a type confusion vulnerability in turnstiles.

tags | exploit, kernel
advisories | CVE-2020-27932
MD5 | a0391836c332c430261f0d75f705ed5a
Apple Safari Remote Code Execution
Posted Feb 5, 2021
Authored by Google Security Research, mjurczyk

Apple Safari is susceptible to a remote code execution vulnerability via an undefined othersubr in Type 1 fonts handled by libType1Scaler.dylib on macOS and iOS.

tags | exploit, remote, code execution
systems | apple, ios
advisories | CVE-2020-27930
MD5 | 46ada3aa4a5cf57b7f656c84696a56cc
GPG libgcrypt Heap Buffer Overflow
Posted Feb 1, 2021
Authored by Tavis Ormandy, Google Security Research

There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker-controlled data, and no verification or signature is validated before the vulnerability occurs.

tags | exploit, overflow
MD5 | 9a0ae509391275947c719943ee40c587
Glibc Character Conversion Assertion
Posted Jan 29, 2021
Authored by Tavis Ormandy, Google Security Research

If an application uses iconv() with an attacker-specified character set, there's an assertion in the gconv buffer management code that can be triggered, crashing the application. The crash only occurs with ISO-2022-JP-3 encoding.

tags | advisory
MD5 | 95357505e4eb0edd827bee432e14e8e7
Node.js TLSWrap Use-After-Free
Posted Jan 5, 2021
Authored by Google Security Research, Felix Wilhelm

Node version 14.11.0 is vulnerable to a use-after-free bug in its TLS implementation.

tags | exploit
MD5 | 605c74b7f6ed00900884dafc459cf57e
Microsoft Windows splWOW64 Privilege Escalation
Posted Dec 23, 2020
Authored by Google Security Research, Maddie Stone

CVE-2020-0986, which was exploited in the wild, was not fixed. The vulnerability still exists, just the exploitation method had to change. A low integrity process can send LPC messages to splwow64.exe (Medium integrity) and gain a write-what-where primitive in splwow64’s memory space. The attacker controls the destination, the contents that are copied, and the number of bytes copied through a memcpy call.

tags | exploit
advisories | CVE-2020-0986, CVE-2021-1648
MD5 | 43653a72a19a4fb4ecc7c809b0ae1e68
usrsctp COOKIE-ECHO Use-After-Free
Posted Dec 23, 2020
Authored by Google Security Research, Tim Willis

usrsctp suffers from a use-after-free write when handling a malicious COOKIE-ECHO.

tags | exploit
MD5 | a155eaa93037f6e176e030160ef6c1d6
Linux TIOCSPGRP Broken Locking
Posted Dec 22, 2020
Authored by Jann Horn, Google Security Research

Linux suffers from broken locking in TIOCSPGRP that can lead to a corrupted refcount.

tags | exploit
systems | linux
advisories | CVE-2020-29661
MD5 | d37fdf0d783b8893341574d9756e44cb
macOS ImageIO Out-Of-Bounds Write
Posted Dec 16, 2020
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds write vulnerability when decoding a malformed PICT image on macOS. The vulnerability has been confirmed on the latest stable macOS version.

tags | exploit
advisories | CVE-2020-29611
MD5 | f62261f5660f9ced363ae4dabdfa325f
Qualcomm Adreno GPU PID Reuse Mapping Leak
Posted Dec 15, 2020
Authored by Google Security Research, hawkes

Qualcomm Adreno GPU PID reuse can lead to a shared mapping leak vulnerability.

tags | exploit
advisories | CVE-2020-11311
MD5 | 35acf4ac51c404442520651898879148
usrsctp HMAC Generation Out-Of-Bounds Access
Posted Dec 14, 2020
Authored by Google Security Research, Felix Wilhelm

usrsctp suffers from insecure HMAC generation that can lead to out-of-bounds access.

tags | exploit
MD5 | 60dae1b024aad137dbbc2e032f8413ac
usrsctp pending_reply_queue Out-Of-Bounds Access
Posted Dec 14, 2020
Authored by Google Security Research, Felix Wilhelm

usrsctp suffers from a pending_reply_queue out-of-bounds access vulnerability.

tags | exploit
MD5 | fbfd1f9af88626326bb98128c859b372
Page 4 of 66