CVE-2020-24890

libraw 20.0 has a null pointer dereference vulnerability in parsetiffifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way...

CVE-2020-24890

libraw 20.0 has a null pointer dereference vulnerability in parsetiffifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way...

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

Open-Xchange: A specifically designed sieve script can cause a DoS in lib-sieve during sieve script compilation via NULL pointer dereference

Reproduction realcrash.sieve is the attached script 1. Build dovecot and pigeonhole 2. Run sievec realcrash.sieve Requirements include and variables extensions should be required. One of the global commands global/export/import without any arguments should be followed by the same command with val...

X64Dbg - An Open-Source X64/X32 Debugger For Windows

An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. You can find more information on the blog! Screenshots Installatio...

CVE-2020-13896

The web interface of Maipu MP1800X-50 7.5.3.14R devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime...

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

Fedora 31 : tcpreplay (2020-256ac53cc7)

This release contains bug fixes only which includes security fixes : - Increase cache buffers size to accomodate VLAN edits 594 - Correct L2 header length to correct IP header offset 583 - Fix warnings from gcc version 10 580 - Heap Buffer Overflow in randomizeiparp 579 - Use after free in...

Remote Code Execution (RCE)

jenkins-script-security-plugin is vulnerabl to sandbox protection bypass during script compilation phase by applying AST transforming annotations...

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

The vulnerability in the kernel compilation process of Ubuntu-based operating systems allows a attacker to execute a type of attack known as “man-in-the-middle” attack.

The vulnerability of the kernel compilation process for Ubuntu-based operating systems is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack using a specially crafted malware package...

wxHexEditor - Hex Editor / Disk Editor for Huge Files or Devices on Linux, Windows and MacOSX

wxHexEditor is another Free Hex Editor, build because there is no good hex editor for Linux system, specially for big files. Low Level Data Recovery with wxHexEditor wxHexEditor is not an ordinary hex editor, but could work as low level disk editor too. If you have problems with your HDD or...

CVE-2019-17514

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that...

CVE-2020-8141

The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...

Design/Logic Flaw

The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...

CVE-2020-8141

The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...

MGASA-2020-0108 Updated rsync packages fix security vulnerabilities

Updated rsync packages fix security vulnerabilities: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2016-9840, CVE-2016-9841 It was...

Dnssearch - A Subdomain Enumeration Tool

This software is a subdomain enumeration tool. Purpose dnssearch takes an input domain -domain parameter and a wordlist -wordlist parameter , it will then perform concurrent DNS requests using the lines of the wordlist as sub domains eventually bruteforcing every sub domain available on the top...

Building a bypass with MSBuild

By Vanja Svajcer. NEWS SUMMARY Living-off-the-land binaries LoLBins continue to pose a risk to security defenders. We analyze the usage of the Microsoft Build Engine by attackers and red team personnel. These threats demonstrate techniques T1127 Trusted Developer Utilities and T1500 Compile After...

CVE-2019-20454

An out-of-bounds read was discovered in PCRE when the pattern "\X" is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to crash the application...