Lucene search
K

96 matches found

RustSec
RustSec
added 2022/04/27 12:0 p.m.18 views

`array!` macro is unsound when its length is impure constant

Affected versions of this crate did substitute the array length provided by an user at compile-time multiple times. When an impure constant expression is passed as an array length such as a result of an impure procedural macro, this can result in the initialization of an array with uninitialized...

3.3AI score
Exploits0Affected Software1
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/06/17 6:23 a.m.43 views

Embedded security fails in ICS

Over the last 5 years, we’ve seen an increasing use of open-source software in ICS Industrial Control Systems devices, with a move away from traditional RTOS Real Time Operating System and proprietary software. We’ve seen RTUs Remote Terminal Units, HMIs Human-Machine Interfaces and even PLCs...

7.4AI score
Exploits0
OSV
OSV
added 2019/04/22 4:29 p.m.7 views

AZL-6306 CVE-2016-1585 affecting package apparmor for versions less than 2.13-16

In all versions of AppArmor mount rules are accidentally widened when compiled...

9.8CVSS6.2AI score0.01034EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/08/16 4:6 p.m.4 views

pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)

The compilebracketmatchingpath function in pcrejitcompile.c in PCRE through 8.x before revision 1680 e.g., the PHP 7.1.1 bundled version allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted regular expression...

7.5CVSS7.5AI score0.04546EPSS
Exploits0References4
OSV
OSV
added 2017/07/21 2:29 p.m.2 views

DEBIAN-CVE-2015-5195

ntpopenssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service segmentation fault via a crafted statistics or filegen configuration command that is not enabled during compilation...

7.5CVSS6.9AI score0.07483EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/04/17 12:0 a.m.76 views

Fedora 25 : qt5-qtwebengine (2017-ae1fde5fb8)

This update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.7.1: CVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199,...

8.8CVSS6.6AI score0.11182EPSS
Exploits5References30
ThreatPost
ThreatPost
added 2016/11/07 1:50 p.m.59 views

Microsoft Tears off the Band-Aid with EMET

Microsoft last week extended the end-of-life expiration date to July 2018 on its exploit mitigation add-on, the Enhanced Mitigation Experience Toolkit EMET. But for some time, the once-useful tool has been well on its way out to pasture. While EMET was never meant to be anything more than stopgap...

9.3CVSS0.9AI score0.99945EPSS
Exploits33References4
OSV
OSV
added 2016/09/16 5:59 a.m.7 views

CVE-2016-7420

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

5.9CVSS5.5AI score
Exploits0References8
Prion
Prion
added 2016/09/16 5:59 a.m.12 views

Design/Logic Flaw

Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...

4.3CVSS6.4AI score0.02288EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2016/09/16 12:0 a.m.3 views

PT-2016-7317

Name of the Vulnerable Software and Affected Versions Crypto++ versions through 5.6.4 Description The issue concerns the lack of documentation for a compile-time definition that disables assert calls, potentially allowing attackers to obtain sensitive information from process memory after an...

7.5CVSS5.8AI score0.02288EPSS
Exploits0References26
n0where
n0where
added 2015/09/23 5:32 p.m.620 views

Bash: How to open TCP/UDP sockets

How to open TCP/UDP sockets using a built-in feature in Bash ? Bash shell has a built-in feature that allows to open TCP/UDP sockets using a simple syntax. This is very useful when tools like netcat are not installed or we don’t have the permission to use it. The syntax is $ exec...

7AI score
Exploits0
n0where
n0where
added 2015/09/14 5:20 a.m.23 views

Security Oriented Fuzzer: American Fuzzy Lop

American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage fo...

7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2015/08/01 4:15 p.m.32 views

PEframe - Tool to perform static analysis on Portable Executable malware

PEframe is a open source tool to perform static analysis on Portable Executable malware. Usage $ peframe malware.exe $ peframe --option malware.exe Options --json Output in json --import Imported function and dll --export Exported function and dll --dir-import Import directory --dir-export Export...

7.1AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2010/04/05 12:0 a.m.43 views

Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability

This vulnerability allows remote attackers to violate security policies on vulnerable installations of Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must run a malicious applet. The specific flaw allows malicious applets to connect to network...

10CVSS2.5AI score0.03036EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2004/09/01 4:0 a.m.40 views

CVE-2004-0256

GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp...

2.1CVSS6.2AI score0.00348EPSS
Exploits0
securityvulns
securityvulns
added 2004/02/03 12:0 a.m.31 views

Symlink Vulnerability in GNU libtool <1.5.2

Vulnerable: libtool 1.5.2 Not Vulnerable: libtool 1.5.2 Project website: http://www.gnu.org/software/libtool/libtool.html Description of libtool from website: "GNU libtool is a generic library support script. Libtool hides the complexity of using shared libraries behind a consistent, portable...

6.9AI score
Exploits0
Rows per page
Query Builder