CVE-2019-15599

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

CVE-2019-15599

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

Command injection

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

CVE-2019-15599

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

CVE-2019-15599

The vulnerability CVE-2019-15599 affects the Windows component of the Node package tree-kill, where the input to the kill() function is not properly sanitized and is concatenated into an exec() call. This leads to remote code execution if an attacker provides controlled input. Public advisories c...

EulerOS 2.0 SP3 : tcpdump (EulerOS-SA-2019-2674)

According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - tcpdump 4.9.0 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via crafted packet data. Th...

EulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-2642)

According to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. Th...

CVE-2019-19816

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in btrfsmapblock in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled...

Command Injection

Overview Versions of tree-kill prior to 1.2.2 are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems...

EulerOS 2.0 SP2 : tcpdump (EulerOS-SA-2019-2435)

According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - tcpdump 4.9.0 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via crafted packet data. Th...

EulerOS 2.0 SP2 : openssl (EulerOS-SA-2019-2464)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it...

CVE-2011-3631

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local us...

CVE-2011-3630

Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink...

Integer overflow

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local us...

CVE-2011-3631

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local us...

CVE-2011-3631

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local us...

CVE-2011-3630

CVE-2011-3630 concerns the hardlink project prior to version 0.1.2, which is affected by multiple stack-based buffer overflow flaws when processing deeply nested directory trees. According to the connected NVD entry, a remote attacker can craft a directory tree and trick the local user into conso...

FIDL: FLARE’s IDA Decompiler Library

IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a...

Design/Logic Flaw

If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to...

Race condition

libuser 0.56 and 0.57 has a TOCTOU time-of-check time-of-use race condition when copying and removing directory trees...