CVE-2019-20454

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. T...

UBUNTU-CVE-2019-20454

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. T...

PT-2020-15317 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.69 and earlier Description: The issue allows sandbox protection to be circumvented during the script compilation phase. This can be achieved by applying AST transforming annotations to imports or by...

RUSTSEC-2020-0169 multi_mut is Unmaintained

Last release was about 6 years ago. There is an outstanding soundness issue. The maintainer has not responded for two years to the existing soundness issue. Rust compiler has enabled errors relating to LLVM noalias rules and may not compile anymore where as the old compiler versions had turned...

venom

This is a Metasploit framework module for generating shellcode and compiling it into an executable file. The module, named "venom", uses msfvenom to generate shellcode in various formats and injects it into a template, which is then compiled using compilers like gcc or pyinstaller. The module als...

MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)

MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers...

Unbreakable Enterprise kernel security update

4.14.35-1902.10.4.el7uek - kvm: Don't reference vcpu-arch.st in arch-independent code Boris Ostrovsky Orabug: 30489861 - kvm: fix compile on s390 part 2 Christian Borntraeger Orabug: 30489861 - kvm: fix compilation on s390 Paolo Bonzini Orabug: 30489861 - kvm: fix compilation on aarch64 Paolo...

Hershell - Multiplatform Reverse Shell Generator

Simple TCP reverse shell written in Go. It uses TLS to secure the communications, and provide a certificate public key fingerprint pinning feature, preventing from traffic interception. Supported OS are: Windows Linux Mac OS FreeBSD and derivatives Why ? Although meterpreter payloads are great,...

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2649)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Input validation

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege...

Exploit for Double Free in Whatsapp

CVE-2019-11932 Modifiez l'adresse d'écoute celle de l'attaqu...

venom

This is a Metasploit framework module for generating shellcode and compiling it into an executable file. The module, named "venom," is designed to produce shellcode in various formats C, Python, Ruby, DLL, MSI, HTA-PSH and inject it into a template e.g., Python that executes the shellcode in RAM...

kernel security and bug fix update

3.10.0-1062.7.1.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 3.10.0-1062.7.1 - drm drm/i915/cmdparser: Fix jump whitelist clearing Dave Airlie...

openSUSE Security Update : java-11-openjdk (openSUSE-2019-2557)

This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed October 2019 CPU bsc1154212: - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Bett...

Sojobo - A Binary Analysis Framework

Sojobo is an emulator for the B2R2 framework. It was created to easier the analysis of potentially malicious files. It is totally developed in .NET so you don't need to install or compile any other external libraries the project is self contained. With Sojobo you can: Emulate a 32 bit PE binary...

EulerOS 2.0 SP5 : libdwarf (EulerOS-SA-2019-2204)

According to the versions of the libdwarf package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - dwarfleb.c in libdwarf allows attackers to cause a denial of service SIGSEGV.CVE-2015-8538 - The dwarfdealloc function in libdwarf before...

Xray - A Tool For Recon, Mapping And OSINT Gathering From Public Networks

XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: 1. It'll bruteforce subdomains using a wordlist and DNS requests. 2. For every...

JavaScriptCore - GetterSetter Type Confusion During DFG Compilation

The following JavaScript program, found by Fuzzilli and slightly modified, crashes JavaScriptCore built from HEAD and the current stable release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: let notAGetterSetter = whatever: 42; function v2v5 const v10 = Object; if v5 const v1...

JavaScriptCore - GetterSetter Type Confusion During DFG Compilation

JavaScriptCore - GetterSetter Type Confusion During DFG Compilation The following JavaScript program, found by Fuzzilli and slightly modified, crashes JavaScriptCore built from HEAD and the current stable release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: let...

JavaScriptCore GetterSetter Type Confusion

JSC: GetterSetter type confusion during DFG compilation The following JavaScript program, found by Fuzzilli and slightly modified, crashes JavaScriptCore built from HEAD and the current stable release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: let notAGetterSetter =...