Unsound casting in flatbuffers

The implementation of impl Follow for bool allows to reinterpret arbitrary bytes as a bool. In Rust bool has stringent requirements for its in-memory representation. Use of this function allows to violate these requirements and invoke undefined behaviour in safe code...

SUSE-SU-2021:2292-1 Security update for dbus-1

This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's bsc1187105...

Security update for dbus-1 (important)

openSUSE Security Update: Security update for dbus-1 Announcement ID: openSUSE-SU-2021:2292-1 Rating: important References: 1187105 Cross-References: CVE-2020-35512 CVSS scores: CVE-2020-35512 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35512 SUSE: 7...

Security Awareness Training is Broken. Human Risk Management (HRM) is the Fix

Humans are an organization's strongest defence against evolving cyber threats, but security awareness training alone often isn't enough to transform user behaviour. In this guide, usecure looks at why Human Risk Management HRM is the new fix for building a security-savvy workforce. Don't be...

SUSE: Security Advisory (SUSE-SU-2018:3685-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-30152

In mediawiki package when using API to protect a page, user with "protect" permission can protect the page to a higher level than they can edit...

CVE-2020-5360

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems...

FreeBSD : gnupg -- AEAD key import overflow (f9fa7adc-ee51-11ea-a240-002590acae31)

Importing an OpenPGP key having a preference list for AEAD algorithms will lead to an array overflow and thus often to a crash or other undefined behaviour. Importing an arbitrary key can often easily be triggered by an attacker and thus triggering this bug. Exploiting the bug aside from crashes ...

openSUSE Security Update : ldb / samba (openSUSE-2020-1023)

"This update for ldb, samba fixes the following issues : Changes in samba : - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; bso14364 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

multi_mut is Unmaintained

Last release was about 6 years ago. There is an outstanding soundness issue. The maintainer has not responded for two years to the existing soundness issue. Rust compiler has enabled errors relating to LLVM noalias rules and may not compile anymore where as the old compiler versions had turned...

RUSTSEC-2020-0169 multi_mut is Unmaintained

Last release was about 6 years ago. There is an outstanding soundness issue. The maintainer has not responded for two years to the existing soundness issue. Rust compiler has enabled errors relating to LLVM noalias rules and may not compile anymore where as the old compiler versions had turned...

RUSTSEC-2019-0028 Unsound `impl Follow for bool`

The implementation of impl Follow for bool allows to reinterpret arbitrary bytes as a bool. In Rust bool has stringent requirements for its in-memory representation. Use of this function allows to violate these requirements and invoke undefined behaviour in safe code...

Service workers at TPAC

Last month we had a service worker meeting at the W3C TPAC conference in Fukuoka. For the first time in a few years, we focused on potential new features and behaviours. Here's a summary: Resurrection finally killed reg.unregister; If you unregister a service worker registration, it's removed fro...

Design/Logic Flaw

While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer...

CVE-2019-2241

While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer...

Rogue Access Point Toolkit : hostapd-mana

hostapd-mana is a featureful rogue wifi access point tool. It can be used for a myriad of purposes from tracking and deanonymising devices aka Snoopy, gathering corporate credentials from devices attempting EAP aka WPE or attracting as many devices as possible to connect to perform MitM attacks...

OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0237)

The remote OracleVM system is missing necessary patches to address critical security updates : - dm: fix race between dmgetfromkobject and dmdestroy Hou Tao CVE-2017-18203 - drm: udl: Properly check framebuffer mmap offsets Greg Kroah-Hartman Orabug: 27986407 CVE-2018-8781 - kernel/exit.c: avoid...

Security Bulletin: IBM MQ is affected by a potential denial of service to channel processes (CVE-2017-1557)

Summary An IBM MQ application with authority to connect to a remote queue manager could send a malicious request that could cause undefined behaviour within the channel process servicing that connection, including a loss of service for other connections being serviced by the same channel process...

Trend Micro at MWC: Securing Our Mobile, Connected World

Time flies pretty fast in tech. When Trend Micro was founded nearly 30 years ago, mobile phones were pretty clunky, prohibitively expensive and not in the least bit “smart.” Fast forward to today and the device in your pocket has more compute power than the NASA machines that put man on the moon...

references.equine-behaviour.de XSS vulnerability

Vulnerable URL:...