1084 matches found
SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2019:0803-1)
This update for openssl fixes the following issues: Security issues fixed: The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951). CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...
SUSE SLED15 / SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2019:0600-1)
This update for openssl-1_0_0 fixes the following issues: Security issues fixed: The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951). CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...
SUSE SLED12 / SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2019:0572-1)
This update for openssl-1_0_0 fixes the following issues: Security issues fixed: The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951). CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond...
PT-2019-6224 · Zziplib +9 · Zziplib +9
Name of the Vulnerable Software and Affected Versions: zziplib version 0.13.69 Description: The issue is related to an infinite loop in the unzzip_cat_file function, which can be exploited by remote attackers to cause a denial of service. This is achieved via the return value of zzip_file_read. T...
Beers with Talos Ep. #46 - Privacy Pwnd: ExileRAT and Collecting Bad Karma
Beers with Talos BWT Podcast Ep. 46 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 46 show notes: Recorded Feb. 1, 2019 Today we discuss threats that bridge the gap between violating privacy and classic...
openSUSE Security Update : openssl-1_1 (openSUSE-2019-152)
This update for openssl-1_1 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - Fix FIPS RSA generator (bsc#1118913) This update was imported from the SUSE:SLE-15:Update update project...
Security update for openssl-1_1 (moderate)
openSUSE Security Update: Security update for openssl-1_1 Announcement ID: openSUSE-SU-2019:0152-1 Rating: moderate References: 1117951 1118913 Cross-References: CVE-2018-0737 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has one errata is now available...
Buffer overflow
GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames...
UBUNTU-CVE-2018-20762
GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames...
SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2019:0197-1)
This update for openssl-1_1 fixes the following issues: Security issues fixed: The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951). Fix FIPS RSA generator (bsc#1118913). Note that Tenable Network Security has extracted the preceding description block directly from the...
Command execution vulnerability in Bell Optical Cat backend dd***.cgi file
Nokia Bell Shanghai is a company that provides end-to-end information and communication solutions and high-quality services to carrier and non-carrier customers. A command execution vulnerability exists in the dd.cgi file in the background of Bell Fiber Optic Cats, which can be exploited by...
CVE-2018-20562
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter...
DEBIAN-CVE-2018-19497
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c)...
c17.cat XSS vulnerability
Open Bug Bounty ID: OBB-704860

Description | Value
---|---
Affected Website: | c17.cat
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | hidden until...
PT-2018-14975 · Tsk +1 · The Sleuth Kit +1
Name of the Vulnerable Software and Affected Versions: The Sleuth Kit (TSK) versions 4.6.4 and earlier Description: The issue allows attackers to cause a denial of service. It is related to the function hfs_cat_traverse in tsk/fs/hfs.c, which does not properly determine when a key length is too...
cat-press.com XSS vulnerability
Open Bug Bounty ID: OBB-691105

Description | Value
---|---
Affected Website: | cat-press.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | hidden...
Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes
Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes Author: Goutham Madhwaraj Tested on: i686 GNU/Linux Shellcode Length: 44 ShoutOut - BarrierSec gcc -fno-stack-protector -z execstack loader-bind.c -o Disassembly of section .text: 08048080 : 8048080: 31 c0 xor eax,eax 8048082: 50...
br.com.thiaguten:umbrella-monitoring (>=0.1.0 <=0.1.1), cc.catalysts.boot:cat-boot-javamelody (>=0.0.4 <=0.2.28) +7 more potentially affected by CVE-2018-15531 via net.bull.javamelody:javamelody-core (>=1.10.0 <=1.73.1)
net.bull.javamelody:javamelody-core MAVEN version =1.10.0, =0.1.0, =0.0.4, =1.57.0, =1.64.0, =1.5.7.0, =1.10.0, =2.0.0, =2.0.0, =2.0.1 - uk.ac.ebi.interpro.scan:server =5.36-75.0 Source cves: CVE-2018-15531 Source advisory: OSV:GHSA-6FVX-R7HX-3VH6...
AZL-7014 CVE-2018-17828 affecting package zziplib for versions less than 0.13.69-8
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file...
PT-2018-14208
Name of the Vulnerable Software and Affected Versions: ZZIPlib version 0.13.69 Description: The issue allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file. This is due to the unzzip_cat function in the bins/unzzipcat-mem.c file. Recommendations: For ZZIPlib version 0.13.69,...