Lucene search
+L

257 matches found

Veracode
Veracode
added 2020/04/10 12:59 a.m.25 views

Privilege Escalation

perl is vulnerable to privilege escalation. The vulnerability exists as it was found that certain Perl string manipulation functions such as uc and lc failed to preserve the taint bit. A remote attacker could use this flaw to bypass the Perl taint mode protection mechanism in scripts that use the...

5CVSS2.8AI score0.08411EPSS
Exploits1References18Affected Software1
Kitploit
Kitploit
added 2020/01/12 9:18 p.m.62 views

LAVA - Large-scale Automated Vulnerability Addition

Evaluating and improving bug-finding tools is currently difficult due to a shortage of ground truth corpora i.e., software that has known bugs with triggering inputs. LAVA attempts to solve this problem by automatically injecting bugs into software. Every LAVA bug is accompanied by an input that...

7AI score
Exploits0References4
NVD
NVD
added 2019/12/22 6:15 p.m.32 views

CVE-2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

9CVSS7.5AI score0.0316EPSS
Exploits0References5
Prion
Prion
added 2019/12/22 6:15 p.m.25 views

Design/Logic Flaw

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

9CVSS7.4AI score0.0316EPSS
Exploits0References5Affected Software3
Debian CVE
Debian CVE
added 2019/12/22 5:7 p.m.53 views

CVE-2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

9CVSS9AI score0.0316EPSS
Exploits0
Kitploit
Kitploit
added 2019/10/11 8:30 p.m.244 views

DECAF - Short for Dynamic Executable Code Analysis Framework

DECAF++, the new version of DECAF, taint analysis is around 2X faster making it the fastest, to the best of our knowledge, whole-system dynamic taint analysis framework. This results in a much better usability imposing only 4% overhead SPEC CPU2006 when no suspicious tainted input exists. Even...

7.5AI score
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/08/06 12:40 p.m.8 views

ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

8.1CVSS7.3AI score0.07968EPSS
Exploits0References5
OSV
OSV
added 2019/02/19 5:29 p.m.5 views

CVE-2019-5766

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS8.4AI score
Exploits0References6
OSV
OSV
added 2019/02/19 5:29 p.m.0 views

DEBIAN-CVE-2019-5766

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS6.6AI score0.01632EPSS
Exploits0References1
NVD
NVD
added 2019/02/19 5:29 p.m.14 views

CVE-2019-5766

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS6.5AI score0.01632EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2019/02/19 5:29 p.m.4 views

CVE-2019-5766

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS5.4AI score0.01632EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2019/02/19 5:29 p.m.25 views

CVE-2019-5766

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7AI score0.01632EPSS
Exploits0References1
OSV
OSV
added 2019/02/19 5:29 p.m.3 views

UBUNTU-CVE-2019-5766

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7AI score0.01632EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/02/19 5:0 p.m.37 views

CVE-2019-5766

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7.1AI score0.01632EPSS
Exploits0
Kitploit
Kitploit
added 2019/02/16 12:32 p.m.550 views

Ponce - IDA Plugin For Symbolic Execution Just One-Click Away!

Ponce pronounced 'poN θe pon-they is an IDA Pro plugin that provides users the ability to perform taint analysis and symbolic execution over binaries in an easy and intuitive fashion. With Ponce you are one click away from getting all the power from cutting edge symbolic execution. Entirely writt...

8.1AI score
Exploits0References13
RedHat Linux
RedHat Linux
added 2019/02/12 2:46 a.m.22 views

chromium-browser: Insufficient policy enforcement in Canvas

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7.4AI score0.01632EPSS
Exploits0References5
Kitploit
Kitploit
added 2019/02/05 12:39 p.m.152 views

Bincat - Binary Code Static Analyser, With IDA Integration

BinCAT is a static Binary Code Analysis Toolkit, designed to help reverse engineers, directly from IDA. It features: value analysis registers and memory taint analysis type reconstruction and propagation backward and forward analysis use-after-free and double-free detection In action You can chec...

7.2AI score
Exploits0References10
OSV
OSV
added 2019/01/11 6:29 p.m.4 views

DEBIAN-CVE-2018-4278

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking...

4.3CVSS8.2AI score0.02279EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2019/01/11 6:0 p.m.58 views

CVE-2018-4278

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking...

4.3CVSS5.9AI score0.02279EPSS
Exploits0
Hacker One
Hacker One
added 2018/12/08 3:22 p.m.12 views

Ruby: The taint flag is not propagated at JSON.parse

Vulnerability description not provided...

7.1AI score
Exploits0
Rows per page
Query Builder