943 matches found

Github Security Blog
added 2020/09/10 7:44 p.m. | 59 views

Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)

There was an easily exploitable uncontrolled memory resource consumption denial-of-service vulnerability that existed in the peer-to-peer network code of three implementations of Bitcoin and several alternative chains. For more details please see: https://invdos.net/ For the paper:...

7.5 CVSS | 1.1 AI score | 0.03411 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
OSV
added 2020/09/04 3:15 a.m. | 28 views

CVE-2020-1911

A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...

9.8 CVSS | 7.6 AI score | 0.02003 EPSS
Exploits: 0 | References: 2
CVE
added 2020/09/04 2:35 a.m. | 75 views

CVE-2020-1911

CVE-2020-1911 concerns a type confusion in Facebook Hermes when resolving properties of JavaScript objects with specially-crafted prototype chains, prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da. The vulnerability could allow arbitrary code execution if untrusted JavaScript is evaluated...

9.8 CVSS | 9.6 AI score | 0.02003 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Gitee
added 2020/09/01 9:22 a.m. | 3 views

ysoserial

This is a Java tool called ysoserial, which is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool is designed to create payloads that can be used to execute arbitrary code on a Java application that performs unsafe deserialization of objects...

8 AI score
Exploits: 0
Akamai Blog
added 2020/08/06 9:10 p.m. | 35 views

Back-to-School Shopping in 2020?

When I was a kid, back-to-school shopping was a really big deal. My mom and I would head out to the local T.J. Maxx and spend hours hunting for bargains on clothes, a backpack, a lunch box, and other "necessary" school supplies. We always hit the Friendly's next door after our shopping excursion,...

7 AI score
Exploits: 0
Typo3
added 2020/07/28 12:0 a.m. | 40 views

Critical vulnerability in legacy versions of TYPO3 CMS

It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below...

7.5 CVSS | 4.6 AI score | 0.02721 EPSS
Exploits: 2 | Affected Software: 1
Typo3
added 2020/07/28 12:0 a.m. | 35 views

Sensitive Information Disclosure in extension "Media Content Element" (mediace)

It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below...

7.5 CVSS | 3.3 AI score | 0.02721 EPSS
Exploits: 2 | Affected Software: 1
FreeBSD
added 2020/07/28 12:0 a.m. | 27 views

typo3 -- multiple vulnerabilities

Typo3 Team reports: In case an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This...

1.5 AI score
Exploits: 0 | References: 3
Gitee
added 2020/07/17 1:21 a.m. | 4 views

ysoserial

This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...

7.2 AI score
Exploits: 0
Tenable Nessus
added 2020/07/17 12:0 a.m. | 39 views

Mozilla Thunderbird < 78.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-29 advisory. - Mozilla developers and community members Bob Clary, Benjamin Bouvier, Calixte Denizet, Christian Holler...

9.3 CVSS | 7.5 AI score | 0.03034 EPSS
Exploits: 4 | References: 15
OSV
added 2020/07/09 3:15 p.m. | 1 views

DEBIAN-CVE-2020-12421

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...

6.5 CVSS | 7.2 AI score | 0.01843 EPSS
Exploits: 0 | References: 1
NVD
added 2020/07/09 3:15 p.m. | 16 views

CVE-2020-12421

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...

6.5 CVSS | 0.01843 EPSS
Exploits: 0 | References: 11
Prion
added 2020/07/09 3:15 p.m. | 21 views

Code injection

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...

4.3 CVSS | 6.4 AI score | 0.01843 EPSS
Exploits: 0 | References: 11 | Affected Software: 4
CVE
added 2020/07/09 2:39 p.m. | 259 views

CVE-2020-12421

CVE-2020-12421 describes a flaw where add-on updates could reject certificate chains terminating in non-built-in roots, causing add-ons to appear out-of-date without user notification. Public advisories place affected products as Mozilla Firefox ESR (<68.10) and Firefox (<78) and Thunderbird (

6.5 CVSS | 6.7 AI score | 0.01843 EPSS
Exploits: 0 | References: 11 | Affected Software: 3
Cvelist
added 2020/07/09 2:39 p.m. | 10 views

CVE-2020-12421

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...

6.9 AI score | 0.01843 EPSS
Exploits: 0 | References: 11
Debian CVE
added 2020/07/09 2:39 p.m. | 33 views

CVE-2020-12421

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...

6.5 CVSS | 7.9 AI score | 0.01843 EPSS
Exploits: 0
AlpineLinux
added 2020/07/09 2:39 p.m. | 48 views

CVE-2020-12421

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...

6.5 CVSS | 7 AI score | 0.01843 EPSS
Exploits: 0
Tenable Nessus
added 2020/07/06 12:0 a.m. | 53 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-4408-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4408-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacke...

9.3 CVSS | 8.1 AI score | 0.03034 EPSS
Exploits: 4 | References: 12
Mageia
added 2020/07/04 10:47 p.m. | 39 views

Updated firefox packages fix security vulnerability

Updated nss and firefox packages fix security vulnerabilities: NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys CVE-2020-12399. Side channel vulnerabilities during RSA key generation in NSS CVE-2020-12402. When browsing ...

9.3 CVSS | 1.2 AI score | 0.03034 EPSS
Exploits: 2 | References: 6
Ubuntu
added 2020/07/02 1:39 p.m. | 83 views

USN-4408-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass permission prompts, or execute arbitrary code. CVE-2020-12415,...

9.3 CVSS | 8 AI score | 0.03034 EPSS
Exploits: 4