CVE-2019-9754
An issue was discovered in Tiny C Compiler aka TinyCC or TCC 0.9.27. Compiling a crafted source file leads to a 1-byte out-of-bounds write in the end_macro function in tccpp.c...
Out-of-bounds
An issue was discovered in Tiny C Compiler aka TinyCC or TCC 0.9.27. Compiling a crafted source file leads to a 1-byte out-of-bounds write in the end_macro function in tccpp.c...
UBUNTU-CVE-2019-9754
An issue was discovered in Tiny C Compiler aka TinyCC or TCC 0.9.27. Compiling a crafted source file leads to a 1-byte out-of-bounds write in the end_macro function in tccpp.c...
CVE-2019-9754
The CVE-2019-9754 issue affects Tiny C Compiler (TinyCC/TCC) 0.9.27. An attacker-supplied crafted source file can trigger a 1-byte out-of-bounds write in the end_macro function of tccpp.c. The connected sources consistently describe this exact flaw; no additional technical details (e.g., affected...
CentOS Update for kernel CESA-2019:0415 centos6
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Defeating Compiler-Level Obfuscations Used in APT10 Malware
Summary The Carbon Black Threat Analysis Unit TAU recently analyzed a series of malware samples that utilized compiler-level obfuscations. For example, opaque predicates were applied to Turla mosquito and APT10 ANEL. Another obfuscation, control flow flattening, was applied to APT10 ANEL and Dhar...
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter
/ https://github.com/WebKit/webkit/blob/3fff8c40c665a09de5e3ede46fc35908f69353c3/Source/JavaScriptCore/runtime/Lookup.hL392 if value.attributes & PropertyAttribute::PropertyCallback JSValue result = value.lazyPropertyCallbackvm, &thisObj; thisObj.putDirectvm, propertyName, result,...
GHSA-HJGP-8FFR-HWWR closurecompiler downloads Resources over HTTP
Affected versions of closurecompiler insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...
GHSA-69R7-CW26-PX6H Downloads Resources over HTTP in google-closure-tools-latest
Affected versions of google-closure-tools-latest insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
Regular Expression Denial of Service in riot-compiler
Affected versions of riot-compiler are susceptible to a regular expression denial of service vulnerability. Recommendation Update to version 2.3.22 or later...
GHSA-PP4V-55VR-9GXH Regular Expression Denial of Service in riot-compiler
Affected versions of riot-compiler are susceptible to a regular expression denial of service vulnerability. Recommendation Update to version 2.3.22 or later...
FUJITSU Compiler Detection (Windows SMB Login)
Detects the installed version of FUJITSU Compiler for Windows. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-12549
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it...
CVE-2018-12549
CVE-2018-12549 affects Eclipse OpenJ9 VM up to version 0.11.0, where the JIT compiler may omit a null check on the receiver object of an Unsafe call during acceleration. This can enable a remote attacker to execute arbitrary code on the system, as reflected by the CVSS3 base score of 9.8 (high/cr...
PT-2019-11304 · Jenkins · Jenkins Groovy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Groovy Plugin versions 2.0 and earlier Description: A sandbox bypass issue allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint, resulting in arbitrary code execution on the Jenkins master JVM...
PT-2019-11306 · Jenkins · Jenkins Warnings Next Generation Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Warnings Next Generation Plugin versions 2.1.1 and earlier Description: A cross-site request forgery issue exists that allows attackers to execute arbitrary code via a form validation HTTP endpoint. The endpoint, used to validate a...
Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware
UPDATE An Iran-linked APT known as Chafer has been spotted targeting various entities based in Iran with an enhanced version of a custom malware that takes a very unique approach to communication by using the Microsoft Background Intelligent Transfer Service BITS mechanism over HTTP. Meanwhile th...