62 matches found
Unsound FFI: Wrong API usage causes write past allocated area
The following usage causes undefined behavior: let kp: ntru::types::KeyPair = …; kp.get_public().export(Default::default()); When compiled with debug assertions, the code above will trigger an "attempt to subtract with overflow" panic before UB occurs. Other mistakes e.g. using EncParams from a differe...
PT-2022-6854
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7u321, 8u311, 11.0.13, 17.0.1 Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0 Description The issue is related to an unbounded resource allocation in the Libraries component of Oracle Java SE and Oracle GraalV...
API Portal: Introduction, Usage and Security Tips
As the name suggests, an API Portal is an intermediary used for connecting API suppliers and end-users. Situated on the company’s website, it’s a document featuring the key usages of API. While one tries to grasp the essence of API and its usage, knowing properly about API Portal is essential, as...
RomBuster - A Router Exploitation Tool That Allows To Disclosure Network Router Admin Password
RomBuster is a router exploitation tool that allows disclosure of the network router admin password. Features Exploits vulnerabilities in most popular routers such as D-Link, Zyxel, TP-Link and Huawei. Optimized to exploit multiple routers at one time from list with threading enabled. Simple CLI and...
UBUNTU-CVE-2020-36325
DISPUTED An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification...
PT-2021-12008 · Jansson +1
Name of the Vulnerable Software and Affected Versions: Jansson versions through 2.13.1 Description: An issue was discovered due to a parsing error in json_loads, resulting in an out-of-bounds read-access bug. This issue only occurs when a programmer fails to follow the API specification...
Joker Android Malware Snowballs on Google Play
Google has removed 17,000 Android apps to date from the Play store that have been conduits for the Joker malware a.k.a. Bread – and in an analysis of the code, said that Joker’s operators have “at some point used just about every cloaking and obfuscation technique under the sun in an attempt to g...
DEBIAN-CVE-2019-17543
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...
HackerOne: Disclosure of Email title report in quick award paypout email (no content mode)
Hello H1 Security Team Description In report 645264 and 669776, email title disclosure has been fixed in no content settings. However, there is one more area which needs to be fixed - "Instant bounty Award Email". In this email, even though email settings have been set as "No content", still it's...
Forbid blocking IP ranges as big as /1 and /2, as done on ruwikiquote using the API
More info at https://phabricator.wikimedia.org/T199540...
Unbreakable Enterprise kernel security update
2.6.39-400.304.1 - mnt: Prevent pivot_root from creating a loop in the mount tree Eric W. Biederman Orabug: 26575709 CVE-2014-7970 CVE-2014-7970 - vfs: more mnt_parent cleanups Al Viro Orabug: 26575709 CVE-2014-7970 - vfs: new internal helper: mnt_has_parent(mnt) Al Viro Orabug: 26575709 CVE-2014-7970 ...
MacOS/iOS kernel double free due to incorrect API usage in flow divert socket option handling (CVE-2017-13867)
SO_FLOW_DIVERT_TOKEN is a socket option on the SOL_SOCKET layer. It's implemented by flow_divert_token_set(struct socket *so, struct sockopt *sopt) in flow_divert.c. The relevant code is: error = soopt_getm(sopt, &token); if (error) goto done; error = soopt_mcopyin(sopt, token); if (error) goto done; ... done: if (token...
Apple macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling
Apple macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1373 SO_FLOW_DIVERT_TOKEN is a socket option on the SOL_SOCKET layer. It's implemented by flow_divert_token_set(struct socket *so, struct...
Apple macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1373 SO_FLOW_DIVERT_TOKEN is a socket option on the SOL_SOCKET layer. It's implemented by flow_divert_token_set(struct socket *so, struct sockopt *sopt) in flow_divert.c. The relevant code is: error = soopt_getm(sopt, &token); if (error) goto don...
CVE-2016-1219
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use...
WordPress 4.7.0 / 4.7.1 - Unauthenticated Content Injection (PoC) Exploit
Exploit for php platform in category web applications Exploit Title: Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC Date: 2017-02-02 Exploit Author: @leonjza Vendor Homepage: https://wordpress.org/ Software Link: https://wordpress.org/wordpress-4.7.zip Version: Wordpress 4.7.0/4.7.1...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0377-1)
java-1_7_0-openjdk was updated to icedtea-2.3.6 bnc803379 containing various security and bugfixes : - Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at...
java-1_7_0-openjdk: update to 2.3.6 (critical)
java-1_7_0-openjdk was updated to icedtea-2.3.6 bnc803379 containing various security and bugfixes: Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at constructi...
[SECURITY] [DSA 1718-1] New boinc packages fix validation bypass
Debian Security Advisory DSA-1718-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 08, 2009 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1700-1] New lasso packages fix validation bypass
Debian Security Advisory DSA-1700-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 11, 2009 http://www.debian.org/security/faq -...