AppleAVD deallocateKernelMemoryInternal Missing Surface Lock
Authored by Google Security Research, natashenka
In AppleAVD.kext, pixel buffers are mapped by calling AppleAVDUserClient::_mapPixelBuffer, which eventually calls AppleAVD::allocateKernelMemoryInternal. If the buffer is an IOSurface, the function calls IOSurface::deviceLockSurface before...
AppleAVD AppleAVDUserClient::decodeFrameFig Memory Corruption
Authored by Google Security Research, natashenka
In the function AppleAVDUserClient::decodeFrameFig, a location in the decoder's IOSurface input buffer is calculated, and then bzero is called on it. The size of...
Cisco Secure Email Gateway Malware Detection Evasion
Change Mirror Download
This report is being published within a coordinated disclosureprocedure. The researcher has been in contact with the vendorbut not received a satisfactory response within a given...
WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery
Authored by Julien Ahrens | Site rcesecurity.com
WordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross site request forgery vulnerability.
advisories | CVE-2022-3747
Change Mirror Download
RCE Security Advisoryhttps://www.rcesecurity.com1. ADVISORY...
VMware NSX Manager XStream Unauthenticated Remote Code Execution
Authored by mr_me, Sina Kheirkhah, h00die-gr3y | Site metasploit.com
VMware Cloud Foundation (NSX-V) contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of...
Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution
Authored by malvuln | Site malvuln.com
Backdoor.Win32.RemServ.d malware suffers from a remote command execution vulnerability.
Change Mirror Download
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txtContact: [email protected]: twitter.com/malvulnThreat:...
libxml2 Attribute Parsing Double-Free
Authored by Google Security Research
libxml2 suffers from a double-free vulnerability when parsing default attributes.
advisories | CVE-2022-40304
libxml2 xmlParseNameComplex Integer Overflow
Authored by Google Security Research
libxml2 suffers from an integer overflow vulnerability in xmlParseNameComplex.
advisories | CVE-2022-29824, CVE-2022-40303
Change Mirror Download
libxml2: Integer overflow in xmlParseNameComplexlibxml2 is vulnerable to an integer overflow in...
Node-saml Root Element Signature Bypass
Authored by Google Security Research, Felix Wilhelm
Node-saml and its partner project passport-saml are vulnerable to an authentication bypass due to lax parsing of SAML responses.
advisories | CVE-2022-39299
IOTransfer 4 Unquoted Service Path
Authored by BLAY ABU SAFIAN
IOTransfer version 4 suffers from an unquoted service path vulnerability.
Change Mirror Download
# Exploit Title: IOTransfer V4 - Unquoted Service Path# Exploit Author: BLAY ABU SAFIAN...





