
386 matches found

Kitploit
• added 2022/03/14 11:30 a.m. • 24 views

CodeAnalysis - Static Code Analysis

Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a comprehensive platform for code analysis and issue tracking. TCA consists of three components: server, web and client. It also supports the integration of other code analysis tools. Code analysis is a...

8.1 AI score
Exploits: 0 | References: 14

Kitploit
• added 2022/03/12 11:30 a.m. • 25 views

Codecat v0.56 - An Open-Source Tool To Help You Find/Track User Input Sinks And Security Bugs Using Static Code Analysis

CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Current rules for C, C++, Go, Python, JavaScript, Swift, PHP, Ruby, ASP, Kotlin, Dart and Java. You can create your rules. Video: how to install, step by step:...

7.6 AI score
Exploits: 0 | References: 3

Fedora
• added 2022/03/11 2:47 p.m. • 34 views

[SECURITY] Fedora 35 Update: radare2-5.6.4-1.fc35

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

9.8 CVSS | 0.4 AI score | 0.00425 EPSS
Exploits: 12

Code423n4
• added 2022/03/06 12:0 a.m. • 9 views

Underflown variable in borrowGivenDebtETHCollateral function

Lines of code Vulnerability details Impact borrowGivenDebtETHCollateral function does never properly call ETH.transfer due to underflow. If borrowGivenDebtETHCollateral function is not deprecated, it would cause unexpected behaviors for users. Proof of Concept Here are codes which contain a...

7 AI score
Exploits: 0

Kitploit
• added 2022/03/01 11:30 a.m. • 27 views

Checkov - Prevent Cloud Misconfigurations During Build-Time For Terraform, CloudFormation, Kubernetes, Serverless Framework And Other Infrastructure-As-Code-Languages

Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, Cloudformation, AWS SAM, Kubernetes, Dockerfile, Serverless or ARM Templates and detects security and compliance misconfigurations using graph-based...

6.9 AI score
Exploits: 0 | References: 12

Code423n4
• added 2022/02/23 12:0 a.m. • 10 views

Functions getLatestRoundData and getRoundData do not check that the price returned from a chainlink aggregator is != 0 (Oracle.sol)

Lines of code Vulnerability details Impact The getLatestRoundData function in the contract Oracle.sol fetches the latestPrice directly from a Chainlink aggregator using the latestRoundData function. While latestPrice is checked for 0 and staleness, there is no check if the value is != 0. This cou...

6.6 AI score
Exploits: 0

Fedora
• added 2022/02/22 1:18 a.m. • 22 views

[SECURITY] Fedora 35 Update: radare2-5.6.0-1.fc35

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

7.5 CVSS | 0.4 AI score | 0.00925 EPSS
Exploits: 4

Fedora
• added 2022/02/22 12:26 a.m. • 22 views

[SECURITY] Fedora 34 Update: radare2-5.6.0-1.fc34

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

7.5 CVSS | 0.4 AI score | 0.00925 EPSS
Exploits: 4

OpenVAS
• added 2022/02/22 12:0 a.m. • 20 views

Fedora: Security Advisory for radare2 (FEDORA-2022-3fc85cd09c)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 6.6 AI score | 0.00925 EPSS
Exploits: 3 | References: 2

GithubExploit
• added 2022/01/10 5:50 a.m. • 509 views

Exploit for Missing Authorization in Gin-Vue-Admin_Project Gin-Vue-Admin

Gin-Vue-admin Vertical Override Vulnerability and Code Analy...

8.1 CVSS | 7.1 AI score | 0.00892 EPSS
Exploits: 2

GoogleProjectZero
• added 2021/12/01 12:0 a.m. • 120 views

This shouldn't have happened: A vulnerability postmortem

Posted by Tavis Ormandy, Project Zero Introduction This is an unusual blog post. I normally write posts to highlight some hidden attack surface or interesting complex vulnerability class. This time, I want to talk about a vulnerability that is neither of those things. The striking thing about thi...

9.8 CVSS | 10 AI score | 0.05243 EPSS
Exploits: 0

Kitploit
• added 2021/11/23 8:30 p.m. • 25 views

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

7.4 AI score
Exploits: 0 | References: 3

OSV
• added 2021/11/18 4:29 p.m. • 16 views

RLSA-2021:4743 Moderate: llvm-toolset:rhel8 security update

LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks...

8.5 CVSS | 8 AI score | 0.24988 EPSS
Exploits: 4 | References: 2

AlmaLinux
• added 2021/11/18 4:29 p.m. • 46 views

Moderate: llvm-toolset:rhel8 security update

LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks...

8.3 CVSS | 8.7 AI score | 0.24988 EPSS
Exploits: 4 | References: 1

Rockylinux
• added 2021/11/09 8:47 a.m. • 7 views

llvm-toolset:rhel8 bug fix and enhancement update

An update is available for compiler-rt, lldb, lld, llvm, llvm-toolset, clang, libomp, python-lit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LLVM Toolset...

1.3 AI score
Exploits: 0

AlmaLinux
• added 2021/11/09 8:47 a.m. • 16 views

llvm-toolset:rhel8 bug fix and enhancement update

LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. For...

7 AI score
Exploits: 0

OSV
• added 2021/11/09 8:47 a.m. • 5 views

ALEA-2021:4233 llvm-toolset:rhel8 bug fix and enhancement update

LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. For...

7 AI score
Exploits: 0

CNVD
• added 2021/11/03 12:0 a.m. • 14 views

trgil gilcc buffer overflow vulnerability

Gilcc is a C code analysis tool. trgil gilcc suffers from a buffer overflow vulnerability that stems from an out-of-bounds array access to the software's function srcparsertransstage123, which can be exploited by attackers to cause a denial of service...

7.5 CVSS | 5.9 AI score | 0.00327 EPSS
Exploits: 0 | References: 1

OpenVAS
• added 2021/10/02 12:0 a.m. • 17 views

Fedora: Security Advisory for radare2 (FEDORA-2021-d206891379)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 7.7 AI score | 0.00925 EPSS
Exploits: 1 | References: 2

The Hacker News
• added 2021/09/29 5:59 p.m. • 35 views

Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps

Facebook on Wednesday announced it's open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. "Mariana Trench is designed to be able to scan large...

0.8 AI score
Exploits: 0