164 matches found
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 CVSS score: 9.8, the shortcoming could be trivially abused by a malicious actor without any...
Scanvus – my open source Vulnerability Scanner for Linux hosts and Docker images
Hello everyone! This video was recorded for the VMconf 22 Vulnerability Management conference, vmconf.pw. I will be talking about my open source project Scanvus. This project is already a year old and I use it almost every day. Alternative video link for Russia: Scanvus Simple Credentialed...
WebRTC Heap Buffer Overflow Vulnerability
WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in the Google Android Open Source Project AOSP, which stems from a vulnerability that allows an attacker to remotely execute code via Bluetooth without additional privileges. The followi...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android Open Source Project AOSP, which stems from an attacker exploiting information leakage to potentially enable further attacks. The following versions are affected: AOSP versio...
Android Security Bulletin—July 2022Stay organized with collectionsSave and categorize content based on your preferences.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2022-07-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
Tor’s (security) role in the future of the Internet, with Alec Muffett
Tor has a storied reputation in the world of online privacy. The open-source project lets people browse the Internet more anonymously by routing their traffic across different nodes before making a final connection between their device and a desired website. Its something weve discussed previousl...
CVE-2022-24875 Potential Secrets being logged to disk in CVEProject/cve-services
The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...
cve-services 日志信息泄露漏洞
cve-services is an open source project. It is used to operate the CVE Services API. A security vulnerability exists in cve-services version 1.1.1 and earlier versions, which stems from org.conroller.js code that incorrectly logs user secrets...
MaxSite CMS Cross-Site Scripting Vulnerability (CNVD-2022-33826) (CVE-2022-25413)
MaxSite CMS is a web content management system of the Russian MaxSite CMS open source project.MaxSite CMS 108 has a cross-site scripting vulnerability that can be exploited by attackers to perform cross-site scripting attacks via the ftags parameter in /admin/pageedit/3...
Sourcecodester Vehicle Service Management System 代码问题漏洞
Sourcecodester Vehicle Service Management System is an open source PHP project. A simple web application for automotive repair/service stores or businesses. Sourcecodester Vehicle Service Management System has a security vulnerability that arises from improper design or implementation of the code...
Workerman-ThinkPHP-Redis Cross-Site Scripting Vulnerability
Workerman-ThinkPHP-Redis is an open source project consisting of the Workerman framework, the ThinkPHP framework, and Redis.Workerman-ThinkPHP-Redis is vulnerable to a cross-site scripting vulnerability that originates in the file Controller.class.php, where the exit function will terminate the...
GHSA-HGC3-HP6X-WPGX Antilles Dependency Confusion Vulnerability
Potential Impact: Remote code execution. Scope of Impact: Open-source project specific. Summary Description: A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a packag...
[SECURITY] Fedora 35 Update: moby-engine-20.10.9-1.fc35
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...
CVE-2021-41091
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traver...
UPX Packed Headaches
Researching malware has many challenges. One of those challenges is obfuscated code and intentionally corrupted binaries. To address challenges like this, we've written a small tool in C that could fix intentionally corrupted binaries automatically. We also plan to open-source the project so othe...
CVE-2021-37222
Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via specially crafted packets...
Live555 UAF Vulnerability
Live555 is a cross-platform C open source project that provides a solution for streaming media, which implements support for standard streaming media delivery protocols such as RTP/RTCP, RTSP, SIP, etc. A security vulnerability exists in Live555, which stems from the fact that the affected produc...
Unspecified Vulnerability in Redmine
Redmine is a set of open source Web-based project management and defect tracking tools . The product provides project management , issue tracking and role-based access control and other features . A security vulnerability exists in Redmine versions prior to 3.4.13 and versions prior to 4.0.6 in t...
Command Execution Vulnerability in jeewms
jeewms is led by Linglu Valley Technology open source project , JAVA-based warehouse management system support for self- and third-party , including PDA side and WEB side . jeewms has a command execution vulnerability. Attackers can use this vulnerability to obtain server privileges...