Lucene search
K

31256 matches found

OSV
OSV
added 2020/08/06 6:15 p.m.1 views

UBUNTU-CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

7.5CVSS6.9AI score0.0473EPSS
Exploits0References6
Prion
Prion
added 2020/08/06 6:15 p.m.33 views

Design/Logic Flaw

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

5CVSS7.4AI score0.0473EPSS
Exploits0References15Affected Software4
OSV
OSV
added 2020/08/06 5:15 p.m.4 views

CVE-2020-13365

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21AASZ.4C0, V5.21AASZ.0C0, V5.11AASZ.3C0, and V5.11AASZ.0C0; NAS542 V5.11ABAG.0C0,...

8.8CVSS7.3AI score0.00972EPSS
Exploits0References2
Prion
Prion
added 2020/08/06 5:15 p.m.29 views

Design/Logic Flaw

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21AASZ.4C0, V5.21AASZ.0C0, V5.11AASZ.3C0, and V5.11AASZ.0C0; NAS542 V5.11ABAG.0C0,...

9CVSS8.7AI score0.00972EPSS
Exploits0References2Affected Software4
Cvelist
Cvelist
added 2020/08/06 5:3 p.m.28 views

CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

7.8AI score0.0473EPSS
Exploits0References15
CVE
CVE
added 2020/08/06 5:3 p.m.452 views

CVE-2020-16845

CVE-2020-16845 affects Go’s encoding/binary ReadUvarint/ReadVarint when fed invalid inputs, enabling an infinite read loop. Affected are Go before 1.13.15 and 1.14.x before 1.14.7. Impact is potential DoS due to resource exhaustion. Remediation: upgrade Go to versions containing the fix (Go 1.13....

7.5CVSS7.7AI score0.0473EPSS
Exploits0References15Affected Software1
Debian CVE
Debian CVE
added 2020/08/06 5:3 p.m.33 views

CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

7.5CVSS7.1AI score0.0473EPSS
Exploits0
FreeBSD
FreeBSD
added 2020/08/06 12:0 a.m.50 views

go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs

The Go project reports: Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This could lead to processing more input than expected when the caller is reading directly from the...

7.5CVSS1.4AI score0.0473EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2020/08/05 3:47 p.m.416 views

Microsoft Teams Patch Bypass Allows RCE

COVID-19 has spurred the use of videoconferencing for businesses worldwide – and this expanded threat surface has lured attackers like moths to a flame. Adding insult to injury, researchers have recently discovered a workaround for a previous patch issued for Microsoft Teams, that would allow a...

0.2AI score0.26869EPSS
Exploits0References7
Gitee
Gitee
added 2020/08/05 2:30 p.m.9 views

Exploit for OS Command Injection in Docker

CVE-2019-5736 is a vulnerability in the runc container runtime that allows for container escape. The exploit works by overwriting the runc binary with a malicious version, which is then executed when a container is run. The vulnerability is present in the runc binary, which is responsible for...

9.3CVSS7.4AI score0.9857EPSS
Exploits33
Gitee
Gitee
added 2020/08/04 5:58 p.m.3 views

pwntools

This repository is an offensive tool for binary exploitation, specifically a Python library for writing exploits. It is not a PoC exploit for a specific CVE, but rather a toolkit for creating exploits. The primary vulnerability class targeted by this library is not explicitly stated, but it is...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/08/03 10:41 a.m.3 views

pwntools

It is an offensive tool for binary exploitation. The repository contains the pwntools project, a Python library for binary exploitation. The primary vulnerability class targeted by this tool is RCE Remote Code Execution. The probable entry points for this tool are the exploit.py script and the...

8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/07/31 12:0 a.m.20 views

Python Software Foundation Python Installed (Windows)

Binary data pythonwininstalled.nbin...

7.3AI score
Exploits0References1
Gentoo Linux
Gentoo Linux
added 2020/07/30 12:0 a.m.67 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.3CVSS3.2AI score0.02888EPSS
Exploits0
ICS
ICS
added 2020/07/30 12:0 a.m.444 views

ICSA-20-212-02_Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Multiple Factory Automation Engineering Software products Vulnerability: Permission Issues 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update...

9.8CVSS9.3AI score0.00827EPSS
Exploits0References2
Kitploit
Kitploit
added 2020/07/28 10:0 p.m.64 views

SNOWCRASH - A Polyglot Payload Generator

A polyglot payload generator Introduction SNOWCRASH creates a script that can be launched on both Linux and Windows machines. Payload selected by the user in this case combined Bash and Powershell code is embedded into a single polyglot template, which is platform-agnostic. There are few payloads...

7.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/07/28 12:0 a.m.17 views

IBM MQ Service Detection

Binary data ibmmqseriesdetect.nbin...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/07/28 12:0 a.m.16 views

Trend Micro InterScan Web Security Virtual Appliance Detection

Binary data trendmicroiwsvadetect.nbin...

7.3AI score
Exploits0References1
0day.today
0day.today
added 2020/07/27 12:0 a.m.426 views

Microsoft Windows Unsafe Handling Practices Vulnerability

This post outlines multiple unsafe practices in Microsoft Windows that can allow for local privilege escalation. This multi-part post can be read even without a MIME-compliant program! Back in 2014, I reported a vulnerability in CreateProcess's handling of .cmd and .bat files that Microsoft fixed...

6.9CVSS6.7AI score0.14619EPSS
Exploits4
Gentoo Linux
Gentoo Linux
added 2020/07/27 12:0 a.m.66 views

Binutils: Multiple vulnerabilities

Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers...

6.5CVSS1.9AI score0.02752EPSS
Exploits5
Rows per page
Query Builder