Microsoft MsMpEng suffers from an issue where the UIF decoder will spin forever processing sparse blocks.
6836f45a69f6f071caf05f74b515b151a7337c71a449b6d44cc02c812c149f3e
MPEngine MsMpEng in Microsoft Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more suffers from a remotely exploitable type confusion.
71f1e4c261be22330753db2dd368004f0b32b16209242b09131afbc4d41684fb
The Nintendo 3DS DNS client resolver library uses a predictable (incremented) TXID, allowing for the spoofing of responses.
f5c21a78f99b5f6cde7c75e94a484f05c6eb123b704e14150dcd8700cbaa9823
LastPass allows global properties to be modified across isolated worlds, allowing for remote code execution.
9ed079fcb0d244aa6283137999747a3a863596c417d774f11999caccfd2cde18
The LastPass domain regex does not handle data and other pseudo-URL schemes.
c0a8fe296712f524a32da5c517945525e5ab13ee7092ff234e231f8b07fc44f8
LastPass had an issue where the websiteConnector.js content script allows proxying of internal RPC commands. The fix appears to not work on Firefox.
27d63cb0f60259717435f5611911b967a0c0559c6c2c10dfabac06098d0685e1
websiteConnector.js content script in LastPass allows for proxying of internal RPC commands.
c01b74d3513ae36c123c2c3bd27e5429944df7d35416e37f930ce4fb1b95e591
Cloudflare has reverse proxies that are dumping uninitialized memory.
66511f241de1d3b330ddbb6ca920b62835261e611a2fa6e9a5e1f26923a423df
This Metasploit module exploits a vulnerability present in the Cisco WebEx Chrome Extension version 1.0.1 which allows an attacker to execute arbitrary commands on a system.
6c42287dc4186a67ead4ee41cfd7c7d1bcf0bc8d846ea957b70ad1e16c11f4df
Cisco WebEx version 1.0.5 suffers from a new arbitrary command execution vulnerability via a module whitelist bypass.
cca3ecf12e0dac1eb99404188e20bcca27a53567815273560c040946b9001609
Cisco's WebEx extension has a URL that allows for arbitrary remote command execution.
38e70d300153f0f056a7136a948b0b4e1125d12a487e0e736084b746311e4b8a
In order to inspect encrypted data streams using SSL/TLS, Kaspersky installs a WFP driver to intercept all outgoing HTTPS connections. They effectively proxy SSL connections, inserting their own certificate as a trusted authority in the system store and then replacing all leaf certificates on-the-fly. This is why, if you examine a certificate when using Kaspersky Antivirus, the issuer appears to be "Kaspersky Anti-Virus Personal Root". Kaspersky's certificate interception has previously resulted in serious vulnerabilities, but a quick review finds many simple problems still exist. For example, the way leaf certificates are cached uses an extremely naive fingerprinting technique. Kaspersky caches recently generated certificates in memory in case the user agent initiates another connection. In order to do this, Kaspersky fetches the certificate chain and then checks if it has already generated a matching leaf certificate in the cache. If it has, it just grabs the existing certificate and private key and then reuses them for the new connection. The cache is a binary tree, and as new leaf certificates and keys are generated, they're inserted using the first 32 bits of MD5(serialNumber||issuer) as the key. If a match is found for a key, they just pull the previously generated certificate and key out of the binary tree and start using them to relay data to the user agent. You don't have to be a cryptographer to understand a 32-bit key is not enough to prevent brute-forcing a collision in seconds. In fact, producing a collision with any other certificate is trivial.
62a363de88e0143fb1b6e4fbc89e03980ce4d3bb71f50510388690356f2ef1c2
Kaspersky fails to adequately protect its local CA root.
e616d063bcea88d45ea4488a02eadbbf74b14cc52e5b5963dad38248c18bd1aa
Palo Alto Networks PanOS suffers from a root_reboot local privilege escalation vulnerability.
77b90d6716d58a4f8b814a7d51d68c8130edeff0b31b29a1ae4d36ee5932035c
Palo Alto Networks PanOS suffers from a root_trace local privilege escalation vulnerability.
fa9287845339b7532fe00af817e6a9f334b941965b54b7b6772bb41d07ad920d
Palo Alto Networks PanOS suffers from a stack buffer overflow in the appweb3 embedded webserver.
46316d54fe0b1eaeb6e793d9de3a88060515fc612e68480aff0ecc2569c52c70
There are a number of problems with the security model of 1Password that result in the local security model being disabled, as well as a number of security, sandboxing and virtualization features.
8489830ab99717565de0b95fb8a62e1d6228d87f421b300b6a51b34ddfeba76b
The Ghostscript -dSAFER parameter that is used when handling untrusted documents appears broken on multiple distributions. This could result in arbitrary file disclosure on systems that process PDF or PS files, use ImageMagick or GraphicsMagick, etc.
dc280411e56c7501d5d20a65fe970344a58ad204857dc30600a3ba1be43070e4
Symantec Antivirus includes RAR unpacking memory corruption issues that can lead to remote code execution.
9f57b2a3b52264e8df535a836560985566bdee33f433a00744602c523418b41f
Dashlane suffers from a cross site scripting vulnerability in the doOnboardingSiteStep API.
8ae21cea6fb92d7febc9458b8ecef807dba56c0929a989b446a126174608f426
Keeper suffers from an issue where a trusted UI is injected into an untrusted webpage.
bc5f2d8563853d8fb0eb9f4dfe423eef486e80138fb54b3a704e0a4fe79e486d
LastPass version 4.1.20a on Windows suffers from some issues where the add-on works by injecting elements and event handlers into the page. The attached proof of concept will delete a given file.
251e29ebd27cfc49ad197f0294b26341778ad40b289cfd17cf8122679ada2ce7
Symantec suffers from a PowerPoint misaligned stream-cache remote stack buffer overflow vulnerability.
052761903f16d88db4affd9da98d81a78c52c8c900fd66dad4540b019026eb1e
Symantec suffers from missing bounds checks in dec2zip ALPkOldFormatDecompressor::UnShrink.
34b4ac0ff008d01486602041869fd3b2080584c09bba6351c3c21ccd2dc47d09
Symantec suffers from an integer overflow in the TNEF decoder.
ade0be4c94efeb64e7d34ea7456d064b5cda1c9f3ea14dd9429dca9736285693