sungjungk

3 exploits Active since Nov 2018
CVE-2018-19358 WRITEUP HIGH WORKING POC
GNOME Keyring <3.28.2 - Info Disclosure
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket.
CVSS 7.8
CVE-2020-11937 WRITEUP MEDIUM WORKING POC
Canonical Whoopsie - Memory Leak
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.
CVSS 5.5
CVE-2020-15570 WRITEUP MEDIUM WRITEUP
Whoopsie < 0.2.69 - Resource Allocation Without Limits
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.
CVSS 5.5