Microsoft Edge Chakra JIT Op_MaxInAnArray / Op_MinInAnArray Misuse
Microsoft Edge Chakra JIT has an issue where Op_MaxInAnArray and Op_MinInAnArray can explicitly call user-defined JavaScript functions.
Microsoft Edge Chakra JIT has an issue where BackwardPass::RemoveEmptyLoopAfterMemOp does not insert branches.
Microsoft Edge Chakra JIT suffers from an out-of-bounds read in asm.js.
The Android MemoryIntArray class allows processes to share an in-memory array of integers backed by an “ashmem” file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a Bundle and transferred via binder to remote processes.
The Microsoft Windows kernel suffers from a stack memory disclosure in nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues).
The Microsoft Windows kernel pool suffers from a memory disclosure in nt!NtQuerySystemInformation (information class 138, QueryMemoryTopologyInformation).
Microsoft Edge Chakra fails to detect whether “tmp” escapes the scope and allocates it on the stack. This may lead to dereferencing uninitialized stack values.
The Microsoft Windows local print spooler can be abused to create an arbitrary file from a low-privilege application, including one in an AC as well as a typical Edge LPAC CP, leading to elevation of privilege.
Proof of concept that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions.
This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restart a user-specified database instance (OpCode 10008); however, the instance ID is not sanitized, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on […]