3098 matches found
SharpEDRChecker - Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process And The Each DLLs Metadata, Common Install Directories, Installed Services And Each Service Binaries Metadata, Installed Drivers And Each Drivers Metadata, All For The Presence Of Known Defensive Products Such As AV's, EDR's And Logging Tools
New and improved C# Implementation of Invoke-EDRChecker. Checks running processes, process metadata, DLLs loaded into your current process and each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for...
New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
Hardware security keys, such as those from Google and Yubico, are considered the most secure means to protect accounts from phishing and takeover attacks. But new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it...
CVE-2021-3011
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access and consequently produce a...
Mozilla Rust rocket crate race condition vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A race condition vulnerability exists in the rocket crate in versions of Mozilla Rust prior to 0.4.5, which stems from LocalRequest::clone creating multiple mutable references to the same object, which c...
`FixedCapacityDequeLike::clone()` can cause dropping uninitialized memory
Affected versions of this crate don't guard against panics, so a partially uninitialized buffer is dropped when user-provided T::clone panics in FixedCapacityDequeLike::clone. This causes memory corruption...
RUSTSEC-2020-0132 `FixedCapacityDequeLike::clone()` can cause dropping uninitialized memory
Affected versions of this crate don't guard against panics, so a partially uninitialized buffer is dropped when user-provided T::clone panics in FixedCapacityDequeLike::clone. This causes memory corruption...
Design/Logic Flaw
An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable reference to the same object, possibly causing a data race...
Rust rocket crate race condition vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A race condition vulnerability exists in the rocket crate in versions of Mozilla Rust prior to 0.4.5, which stems from LocalRequest::clone creating multiple mutable references to the same object, which c...
GHSA-45Q2-34RF-MR94 Code Injection in mquery
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation...
RUSTSEC-2020-0127 SyncRef's clone() and debug() allow data races
Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone & T::fmt. It is possible to create da...
SyncRef's clone() and debug() allow data races
Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone & T::fmt. It is possible to create da...
PT-2020-17627 · Rust · V9 Crate
Name of the Vulnerable Software and Affected Versions: v9 crate through 2020-12-18 Description: An issue was discovered in the v9 crate, where affected versions unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. The SyncRef derives...
Prototype Pollution
mquery is vulnerable to prototype pollution. The vulnerability exists because it does not prevent __proto__, constructor, or prototype from being added in a merge or clone operation...
CVE-2020-35149
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation...
Mquery Security Vulnerability
Aheckmann Mquery is a JavaScript-based codebase for efficiently generating MongoDB query statements from the individual developer Aheckmann. A security vulnerability exists in mquery lib/utils.js versions prior to 3.2.3, which allows pollution attacks because a special attribute (e.g. __proto__) can...
RUSTSEC-2020-0091 Dangling reference in `access::Map` with Constant
Using the arc_swap::access::Map with the Constant test helper or with user-provided implementation of the Access trait could sometimes lead to the map returning dangling references. Replaced by implementation without unsafe, at the cost of added Clone bound on the closure and small penalty on...
Dangling reference in `access::Map` with Constant
Using the arc_swap::access::Map with the Constant test helper or with user-provided implementation of the Access trait could sometimes lead to the map returning dangling references. Replaced by implementation without unsafe, at the cost of added Clone bound on the closure and small penalty on...
CVE-2020-26236
In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and i...
Remote code execution in dependabot-core branch names when cloning
Impact: Remote code execution vulnerability in dependabot-common and dependabot-gomodules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$curl,127.0.0.1", Dependabot will make an HTTP request to...