4671 matches found
h1-ctf: Hacky Holidays CTF Writeup
Intro: 12 days of challenges - some more challenging than others! This holiday CTF had all 12 challenges hosted on the website https://hackyholidays.h1ctf.com/ F1129112 Challenge 1: I started by significantly overthinking all of the early challenges in this competition. When this CTF started the...
CVE-2020-29510
A flaw was found in go. Encoding and decoding of XML directives could lead to changes in the observed integrity. An attacker could use this flaw to trick applications which rely on directive integrity for security decisions to make those decisions incorrectly. Known vulnerability use-cases are SA...
CVE-2020-0488
In ihevcinterpredchromacopyssse3 of ihevcinterpredfiltersssse3intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:...
SUSE SLED15 / SLES15 Security Update : spice-gtk (SUSE-SU-2020:3071-1)
This update for spice-gtk fixes the following issues : CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding bsc1177158. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted...
SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2020:3460-1)
This update for java-180-openjdk fixes the following issues : Fix regression '8250861: Crash in MinINode::IdealPhaseGVN, bool', introduced in October 2020 CPU. Update to version jdk8u272 icedtea 3.17.0 July 2020 CPU, bsc1174157, and October 2020 CPU, bsc1177943 - New features + JDK-8245468: Add...
SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2020:3159-1)
"This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 - New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector - Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling +...
SUSE SLES15 Security Update : spice (SUSE-SU-2020:3070-1)
This update for spice fixes the following issues : CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding bsc1177158. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...
SUSE SLES12 Security Update : spice-gtk (SUSE-SU-2020:3085-1)
This update for spice-gtk fixes the following issues : CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding bsc1177158. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted...
Karkinos - Penetration Testing And Hacking CTF's Swiss Army Knife With: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following: Encoding/Decoding characters Encrypting/Decrypting text or files Reverse shell handling Cracking and generating hashes Dependancies Any server capable of hosting...
Denial Of Service (DoS)
Tarantool is vulnerable to denial of service. A specially crafted packet can cause the mpcheck function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability...
Apple macOS AudioCodecs AAC Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioCodecs module...
RUSTSEC-2020-0075 Unexpected panic when decoding tokens
Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding. The documentation stated that an error should have been reported instead...
Unexpected panic when decoding tokens
Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding. The documentation stated that an error should have been reported instead...
PT-2020-17550 · Branca · Branca
Name of the Vulnerable Software and Affected Versions: branca versions prior to 0.10.0 Description: An issue was discovered where decoding tokens with invalid base62 data can cause the program to panic. This occurs when tokens with incorrect base62 encoding are supplied, which can lead to...
DEBIAN-CVE-2020-26243
Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being...
Authentication flaw
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal t...
MGASA-2020-0434 Updated python-pillow packages fix security vulnerabilities
Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c CVE-2020-10177. In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state-shuffle is instructed to read beyond...
Security update for java-11-openjdk (moderate)
openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2020:1984-1 Rating: moderate References: 1177943 Cross-References: CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 Affected Products:...
WAF JSON decoding capability required to protect against API threats like CVE-2020-13942 Apache Unomi RCE
New critical Apache Unomi exploit was released yesterday. As an official press release says: "Apache Unomi is the industrys first reference implementation of the upcoming OASIS CDP specification established by the OASIS CXS Technical Committee, which sets standards as a core technology for enabli...
Rehex - Reverse Engineers' Hex Editor
A cross-platform Windows, Linux, Mac hex editor for reverse engineering, and everything else. Features Large 1TB+ file support Decoding of integer/floating point value types Disassembly of machine code Highlighting and annotation of ranges of bytes Side by side comparision of selections...