Lucene search
K

32 matches found

Github Security Blog
Github Security Blog
added 2024/08/19 4:2 p.m.19 views

SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...

8.4AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/08/15 12:0 p.m.12 views

RUSTSEC-2024-0363 Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...

8.4AI score
Exploits0References3
OpenVAS
OpenVAS
added 2024/06/07 12:0 a.m.7 views

Fedora: Security Advisory for rust-clippy-sarif (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.8 views

Fedora: Security Advisory for rust-clippy-sarif (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2024/05/26 1:28 a.m.8 views

[SECURITY] Fedora 40 Update: rust-clippy-sarif-0.4.2-3.fc40

Convert clippy output to SARIF...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/21 12:0 a.m.14 views

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2024-574)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-574 advisory. RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Tenable has extracted the preceding...

5.5AI score
Exploits0References2
OSV
OSV
added 2024/02/27 12:0 p.m.13 views

RUSTSEC-2024-0018 ObjectPool creates uninitialized memory when freeing objects

As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its type parameter when it attempts to free an object, and swaps it into the storage. This causes instant undefined behavior due to reading the uninitialized memory in order to write it to the pool storage...

7.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/09/08 12:0 a.m.43 views

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2023-323)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-323 advisory. Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archiv...

7.9CVSS7AI score0.00763EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/09/30 12:0 a.m.27 views

openSUSE Security Update : rust (openSUSE-2019-2203)

This update for rust fixes the following issues : Rust was updated to version 1.36.0. Security issues fixed : - CVE-2019-12083: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety bsc1134978 - CVE-2018-1000622: rustdoc loads plugins from world-writab...

8.1CVSS6.9AI score0.02216EPSS
Exploits1References6
Schneier on Security
Schneier on Security
added 2019/05/08 11:3 a.m.61 views

Malicious MS Office Macro Creator

Evil Clippy is a tool for creating malicious Microsoft Office macros: At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code via p-code and confuse...

2.4AI score
Exploits0
Kitploit
Kitploit
added 2019/04/28 12:58 p.m.229 views

Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code via P-Code and confuse macro analysis tools. Runs on Linux, OSX and Windows. Current features Hide VBA macros from the GUI editor VBA stomping P-code abuse Fool analyst tools Serve VBA stomp...

7.5AI score
Exploits0References4
Kitploit
Kitploit
added 2012/12/27 5:2 a.m.13 views

[BeEF] Fake Browser Update Exploitation

How to use BeEF Framework for fake browser update exploitation. Fake Browser Update : - In BeEF Framework there is a new feature available in social-engineering called Clippy using this feature we are sending the fake Update notification and if user click on that so obviously he is going to insta...

7.3AI score
Exploits0
Rows per page
Query Builder