1110 matches found

OSV
added 2020/10/01 7:55 a.m. | 4 views

SUSE-SU-2020:2813-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - nodejs12 was updated to 12.18.4 LTS: - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion bsc1176605. - CVE-2020-8252: Fixed a buffer overflow in realpath bsc1176589. - CVE-2020-15095: Fixed an information leak...

CVSS 7.8 | AI score 6.4 | EPSS 0.00632
Exploits 0 | References 8
OSV
added 2020/10/01 7:54 a.m. | 7 views

SUSE-SU-2020:2812-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - nodejs12 was updated to 12.18.4 LTS: - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion bsc1176605. - CVE-2020-8252: Fixed a buffer overflow in realpath bsc1176589. - CVE-2020-15095: Fixed an information leak...

CVSS 7.8 | AI score 6.4 | EPSS 0.00632
Exploits 0 | References 8
OSV
added 2020/09/30 7:56 a.m. | 4 views

SUSE-SU-2020:2800-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: - CVE-2020-8174: Fixed multiple memory corruption in napigetvaluestring bsc1172443. - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames bsc1172442. - CVE-2020-7598: Fixed an issue which...

CVSS 9.3 | AI score 6.6 | EPSS 0.01491
Exploits 3 | References 11
Tenable Nessus
added 2020/09/30 12:0 a.m. | 29 views

openSUSE Security Update : pdns (openSUSE-2020-1556)

This update for pdns fixes the following issues : - Build with libmaxminddb instead of the obsolete GeoIP boo1156196 - CVE-2020-17482: Fixed an error that can result in leaking of uninitialised memory through crafted zone records boo1176535 - Backported compilation fix vs. latest Boost 1.74...

CVSS 4.3 | AI score 6.2 | EPSS 0.0005
Exploits 0 | References 4
OpenVAS
added 2020/09/29 12:0 a.m. | 17 views

openSUSE: Security Advisory for pdns (openSUSE-SU-2020:1556-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 4.3 | AI score 5 | EPSS 0.0005
Exploits 0 | References 2
OSV
added 2020/09/27 10:21 p.m. | 5 views

OPENSUSE-SU-2020:1556-1 Security update for pdns

This update for pdns fixes the following issues: - Build with libmaxminddb instead of the obsolete GeoIP boo1156196 - CVE-2020-17482: Fixed an error that can result in leaking of uninitialised memory through crafted zone records boo1176535 - Backported compilation fix vs. latest Boost 1.74...

CVSS 4.3 | AI score 5.7 | EPSS 0.0005
Exploits 0 | References 5
RedhatCVE
added 2020/09/24 11:17 a.m. | 14 views

CVE-2020-24890

libraw 20.0 has a null pointer dereference vulnerability in parsetiffifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way...

CVSS 5.5 | AI score 6 | EPSS 0.00429
Exploits 1 | References 3
Kitploit
added 2020/09/23 11:30 a.m. | 45 views

Dnxfirewall - A Pure Python Next Generation Firewall Built On Top Of Linux Kernel/Netfilter

DNX Firewall is an optimized/high performance collection of applications or services to convert a standard Linux system into a zone based next generation firewall. All software is designed to run in conjunction with each other, but with a modular design certain aspects can be completely removed wi...

AI score 7.3
Exploits 0 | References 4
UbuntuCve
added 2020/09/16 3:15 p.m. | 16 views

CVE-2020-24890

libraw 20.0 has a null pointer dereference vulnerability in parsetiffifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way...

CVSS 5.5 | AI score 6.1 | EPSS 0.00429
Exploits 1 | References 1
Debian CVE
added 2020/09/16 2:39 p.m. | 16 views

CVE-2020-24890

libraw 20.0 has a null pointer dereference vulnerability in parsetiffifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way...

CVSS 5.5 | AI score 5.8 | EPSS 0.00429
Exploits 1
RedHat Linux
added 2020/09/09 3:23 p.m. | 1 views

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

CVSS 8.8 | AI score 5.8 | EPSS 0.00704
Exploits 0 | References 5
Hacker One
added 2020/08/24 12:45 p.m. | 29 views

Open-Xchange: A specifically designed sieve script can cause a DoS in lib-sieve during sieve script compilation via NULL pointer dereference

Reproduction: realcrash.sieve is the attached script. 1. Build dovecot and pigeonhole. 2. Run sievec realcrash.sieve. Requirements: include and variables extensions should be required. One of the global commands global/export/import without any arguments should be followed by the same command with val...

Exploits 0
Kitploit
added 2020/07/14 12:30 p.m. | 34 views

X64Dbg - An Open-Source X64/X32 Debugger For Windows

An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. You can find more information on the blog! Screenshots Installatio...

AI score 7.3
Exploits 0 | References 19
OSV
added 2020/06/29 6:15 p.m. | 0 views

CVE-2020-13896

The web interface of Maipu MP1800X-50 7.5.3.14R devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime...

CVSS 5.3 | AI score 7
Exploits 0 | References 1
RedHat Linux
added 2020/06/29 2:37 p.m. | 2 views

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

CVSS 8.8 | AI score 5.8 | EPSS 0.00704
Exploits 0 | References 5
Tenable Nessus
added 2020/06/25 12:0 a.m. | 19 views

Fedora 31 : tcpreplay (2020-256ac53cc7)

This release contains bug fixes only which includes security fixes: - Increase cache buffers size to accommodate VLAN edits 594 - Correct L2 header length to correct IP header offset 583 - Fix warnings from gcc version 10 580 - Heap Buffer Overflow in randomizeiparp 579 - Use after free in...

CVSS 9.1 | AI score 7.9 | EPSS 0.00513
Exploits 2 | References 3
Veracode
added 2020/06/19 3:53 a.m. | 20 views

Remote Code Execution (RCE)

jenkins-script-security-plugin is vulnerable to sandbox protection bypass during script compilation phase by applying AST transforming annotations...

CVSS 8.8 | AI score 2.4 | EPSS 0.00704
Exploits 0 | References 4 | Affected Software 1
RedHat Linux
added 2020/06/17 10:38 p.m. | 3 views

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

CVSS 8.8 | AI score 5.8 | EPSS 0.00704
Exploits 0 | References 5
Kitploit
added 2020/04/28 12:30 p.m. | 60 views

wxHexEditor - Hex Editor / Disk Editor for Huge Files or Devices on Linux, Windows and MacOSX

wxHexEditor is another Free Hex Editor, built because there is no good hex editor for Linux systems, especially for big files. Low Level Data Recovery with wxHexEditor wxHexEditor is not an ordinary hex editor, but could work as low level disk editor too. If you have problems with your HDD or...

AI score 7.1
Exploits 0 | References 1
RedhatCVE
added 2020/04/16 9:33 a.m. | 27 views

CVE-2019-17514

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that...

CVSS 7.5 | AI score 1.9 | EPSS 0.02221
Exploits 1 | References 3