CVE-2017-16137

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...

CVE-2017-16137

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...

Chrome V8 PromiseAllResolveElementClosure Element Confusion

Chrome: V8: PromiseAllResolveElementClosure can cause elements kind confusion The Promise.all method internally uses PromiseAllResolveElementClosure https://cs.chromium.org/chromium/src/v8/src/builtins/builtins-promise-gen.cc?rcl=dc2d3bb9711effb349df58af26c49169aa019121&l=1910 as a resolver for...

PoC

Scripts for porting debug symbol information idb2patriprel...

SUSE-SU-2018:1537-1 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1)

This update for the Linux Kernel 3.12.74-606466 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. bsc1085447. - CVE-2018-8897: A statement in the System Programming Guide of the Inte...

CentOS Update for pcs CESA-2018:1060 centos7

Check the version of pcs SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882895";...

Apple Mac OS X Security Updates (HT208849)-03

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Null pointer dereference

Espruino before 1.98 allows attackers to cause a denial of service application crash with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c...

CVE-2018-11591

Espruino before 1.98 allows attackers to cause a denial of service application crash with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c...

CVE-2018-11591

Espruino before 1.98 allows attackers to cause a denial of service application crash with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c...

CVE-2018-11591

Espruino before version 1.98 is affected by a denial-of-service vulnerability caused by a NULL pointer dereference during syntax parsing when processing a crafted input file. Multiple connected sources confirm that the issue exists in Espruino 1.97 and earlier, and it was mitigated by adding vali...

CVE-2018-11591

Espruino before 1.98 allows attackers to cause a denial of service application crash with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c...

CentOS 7 : pcs (CESA-2018:1060)

An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Fedora 26 : xen (2018-7cd077ddd3)

x86: mishandling of debug exceptions XSA-260, CVE-2018-8897 x86 vHPET interrupt injection errors XSA-261, CVE-2018-10982 1576089 qemu may drive Xen into unbounded loop XSA-262, CVE-2018-10981 1576680 Note that Tenable Network Security has extracted the preceding description block directly from th...

Security update for the Linux Kernel (important)

The openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using "Memory Disambiguation" feature in modern CPUs were mitigated, aka "Spectre Variant 4" bnc1087082. A new boot commandline...

radare2 denial of service vulnerability (CNVD-2018-12199)

Radare2 is a complete framework for reverse engineering and analyzing binaries, consisting of a series of small utilities that can be used together or independently of the command line. A denial of service vulnerability exists in the getdebuginfo function in radare2 2.5.0. A remote attacker can...

The Logitech smart home management system, the Logitech Harmony Hub vulnerability analysis-vulnerability warning-the black bar safety net

! Recently, fireeye Mandiant Red Team team found that the Logitech smart IOT home management system the Logitech Harmony Hub, the presence of a plurality of available vulnerability, an attacker can exploit these vulnerabilities to bypass system restrictions, through SSH access to the device Syste...

DEBIAN-CVE-2018-7160

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...

ALPINE-CVE-2018-7160

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...

CVE-2018-11031

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an apiurl=file:////etc/passwd&apimethod=get POST request...