Git-Hound v1.1 - GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System

A batch-catching, pattern-matching, patch-attacking secret snatcher. GitHound pinpoints exposed API keys and other sensitive information on GitHub using pattern matching, commit history searching, and a unique result scoring system. GitHound has earned me over $7500 applied to Bug Bounty research...

mailman security and bug fix update

3:2.1.15-30 - Resolves: 1599692 - Sanitize input on listinfo page CVE-2018-0618 3:2.1.15-29 - Resolves: 1611689 - Trim long text in 'no such list' messages 3:2.1.15-28 - Resolves: 1718180 - Try to decode member name first 3:2.1.15-27 - Related : 1545973 - Bump release to override rhel-7.4.z versi...

RHEL 7 : libreoffice (RHSA-2020:1151)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1151 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

libreoffice: Insufficient URL decoding flaw in categorizing macro location

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...

httpd: mod_session_cookie does not respect expiry time

In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...

Stack overflow

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request issue 3 of 3...

CVE-2020-10825

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request issue 3 of 3...

GHSA-66Q9-F7FF-MMX6 Local file inclusion vulnerability in http4s

Impact This vulnerability applies to all users of: org.http4s.server.staticcontent.FileService org.http4s.server.staticcontent.ResourceService org.http4s.server.staticcontent.WebjarService Path escaping URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expos...

Local file inclusion vulnerability in http4s

Impact This vulnerability applies to all users of: org.http4s.server.staticcontent.FileService org.http4s.server.staticcontent.ResourceService org.http4s.server.staticcontent.WebjarService Path escaping URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expos...

DEBIAN-CVE-2020-6079

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker...

UBUNTU-CVE-2020-6079

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker...

Buffer overflow

An issue was discovered on Samsung mobile devices with any before February 2020 for Exynos modem chipsets software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 February 2020...

CVE-2020-10835

CVE-2020-10835 affects Samsung mobile devices via a buffer overflow in baseband CP message decoding. Root cause: buffer overflow in the baseband CP message decoding path. Affected scope: Samsung devices with any software (noting Exynos modem chipsets before Feb 2020). Impact as per public records...

CVE-2020-10835

An issue was discovered on Samsung mobile devices with any before February 2020 for Exynos modem chipsets software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 February 2020...

PT-2020-2148 · Videolabs +1 · Libmicrodns +1

Name of the Vulnerable Software and Affected Versions: Videolabs libmicrodns version 0.1.0 Description: The issue is related to a denial-of-service condition that can occur due to improper resource allocation handling when parsing mDNS messages. If errors are encountered during this process, some...

Internet Bug Bounty: Cache Manager ACL Bypass

Summary: ACL Manager can be bypassed giving non authorized users to squid-internal-mgr. Possible to bypass other urlregex, but only focused on manager. with the hostname of the server running squid echo -e "GET https://jeriko.one%252f@:3128/squid-internal-mgr/activerequests HTTP/1.1\r\n\r\n" |nc...

python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c

A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the...

Artica Pandora FMS Remote Code Execution Vulnerability (CNVD-2020-19576)

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A remote code execution vulnerability exists in Pandora FMS 7.0 NG. The vulnerability stems from...

GHSA-22JR-VC7J-G762 Potential buffer overflow in psd-tools

Impact An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malformed PSD input data during decoding to the PIL.Image or NumPy format, leading to a Buffer Overflow. Patches Users of psd-tools version v1.8.37 to v1.9.3 should upgrade to...

CVE-2020-5844

index.php?sec=godmode/extensions&sec2=extensions/filesrepo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742FIXPERL2020...