5315 matches found
GO-2022-0515 Stack exhaustion due to deeply nested types in go/parser
Calling any of the Parse functions on Go source code which contains deeply nested types or declarations can cause a panic due to stack exhaustion...
CVE-2022-34032
Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c...
[SECURITY] Fedora 35 Update: source-to-image-1.3.1-4.fc35
Source-to-Image S2I is a toolkit and workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and letting the container prepare that source code for execution. By creating self-assembling builder images,...
Heap-based Buffer Overflow in function ins_compl_infercase_gettext()
Description: Heap-based Buffer Overflow in function ins_compl_infercase_gettext at src/insexpand.c:645, vim version commit 3a393790a4fd7a5edcafbb55cd79438b6e641714 (Author: Dominique Pelle, Date: Thu Jul 14 17:40:49 2022 +0100, patch 9.0.0053: E1281 not tested with the old regexp engine). Problem: E1281 no...
CVE-2022-22460
IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013...
IBM Security Verify Identity Manager Security Vulnerability
IBM Security Verify Identity Manager is a security verification identity manager from IBM USA. A security vulnerability exists in IBM Security Verify Identity Manager version 10.0 that originates from the inclusion of sensitive information in the source code repository...
WordPress Project Source Code Download plugin <= 1.0.0 - Unauthenticated Backup Download vulnerability
Unauthenticated Backup Download vulnerability discovered by Daniel Ruf in WordPress Project Source Code Download plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of May 4, 2022 and is not available for download. Reason: Security Issue...
How the FBI quietly added itself to criminals’ instant message conversations
Motherboard has disclosed some information about Operation Trojan Shield, in which the FBI intercepted messages from thousands of encrypted phones around the world. These messages are now used in courts across the world as corroborating evidence. Operation Trojan Shield The US Federal Bureau of...
Cspparse - A Tool To Evaluate Content Security Policies
cspparse is a tool to evaluate Content Security Policies. It uses Google's API to retrieve the CSP Headers and returns them in ReconJSON format. Not only does it check for headers with Google's API, it also parses the target site's HTML to look for any CSP rules that are specified in the tag...
U.S. Dept Of Defense: .git folder exposed [HtUS]
Hey there, I have found an exposed .git folder on https://█████ https://████████/.git/config core repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true remote "origin" url = https://████ fetch = +refs/heads/:refs/remotes/origin/ Using gitdumper...
U.S. Dept Of Defense: insecure gitlab repositories at ████████ [HtUS]
If you click the link https://███, you're redirected to https://██████/users/signin, where credentials have to be inserted. The repositories are private and shouldn't be accessible for unauthenticated users! POC: If you click the following links https://████/api/v4/projects, information about...
[SECURITY] Fedora 36 Update: golang-x-lint-0-16.20210123git83fdc39.fc36
Golint is a linter for Go source code...
WP All Import < 3.6.8 - Admin+ Arbitrary File Upload
The plugin accepts all zip files and automatically extracts them without validating the extracted file type, allowing high-privilege users such as admin to upload an arbitrary file such as PHP, leading to RCE. As an admin, upload a php file containing the payload, zipped along with a valid XML...
Integer Overflow in function lsr_translate_coords
Description: Integer Overflow in function lsr_translate_coords at laser/lsr_dec.c:853, gpac version git log commit ea3af7c8242d1a82657dc3a518df5a5b1b5e27ed (HEAD -> master, origin/master, origin/HEAD; Author: Romain Bouqueau, Date: Tue Jun 28 19:25:58 2022 +0200). POC: ./MP4Box -bt ./pocintof1s.dat...
State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks
A China-based advanced persistent threat APT group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves t...
MAL-2022-4493 Malicious code in material-ui-plugin-theme-provider-cache (npm)
Per source details. Source: checkmarx 6279e90d49af7dd292e465c05215854f32d03268608c9c61edfea5ce62ee9b64. Malicious packages campaign since 2021 targeting developers, steals source code and secrets. Source: ghsa-malware...