AIX 7.2 TL 3 : perl (IJ26986)

https://vulners.com/cve/CVE-2020-10543 https://vulners.com/cve/CVE-2020-10543 Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Perl before 5.30.3 has an integer overflow related to mishandling of a...

AIX 7.1 TL 5 : perl (IJ26985)

https://vulners.com/cve/CVE-2020-10543 https://vulners.com/cve/CVE-2020-10543 Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Perl before 5.30.3 has an integer overflow related to mishandling of a...

APKLab - Android Reverse Engineering WorkBench For VS Code

APKLab seamlessly integrates the best open-source tools: Apktool, Jadx, uber-apk-signer and more to the excellent VS Code so you can focus on app analysis and get it done without leaving the IDE. Features Decode all the resources from an APK Disassemble the APK to Dalvik bytecode aka Smali...

Sandbox Escape

In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 aka Quake 3 engine forks. A malicious auto-downloaded file can trigger loading of crafted auto-downloaded files as...

EulerOS 2.0 SP2 : perl (EulerOS-SA-2020-2380)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large ite...

Oracle VirtualBox Shader Bytecode Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

Oracle VirtualBox Shader Bytecode Type Confusion Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

Oracle VirtualBox Shader Bytecode Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

Oracle VirtualBox Shader Bytecode Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

EulerOS 2.0 SP3 : perl (EulerOS-SA-2020-2085)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer...

CVE-2020-25258

CVE-2020-25258 (Hyland OnBase) affects OnBase versions 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The issue arises from using ASP.NET BinaryFormatter.Deserialize in SOAP messages, enabling an attacker to transmit and execute...

CVE-2020-25258

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages...

Hyland OnBase Bytecode Execution Vulnerability

Hyland OnBase is an enterprise information platform for managing your content, processes and cases. Hyland OnBase has a bytecode execution vulnerability that stems from a problem with the way OnBase uses ASP.NET BinaryFormatter.Deserialize, which can be exploited by an attacker to transmit and...

JITSploitation I: A JIT Bug

By Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed in iOS...

EulerOS Virtualization for ARM 64 3.0.6.0 : perl (EulerOS-SA-2020-1894)

According to the versions of the perl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive Sstudychu...

Integer Overflow

Perl has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection...

EulerOS 2.0 SP8 : perl (EulerOS-SA-2020-1820)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Perl before 5.30.3 has an integer overflow related to mishandling of a 'PLregkindOPn == NOTHING' situation. A crafted regular expression could lea...

VMware Workstation Shader Bytecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Mitigation To mitigate this flaw, developers should not allow untrusted regular...

CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection...