dev-srv (>=0.1.3 <=0.3.1), gfm-srv (>=0.0.2 <=1.1.3) potentially affected by CVE-2018-3714 via node-srv (>=0.3.3 <=1.2.6)

node-srv NPM version =0.3.3, =0.1.3, =0.0.2, =1.1.3 Source cves: CVE-2018-3714 Source advisory: OSV:GHSA-52R9-G5G6-2HJP...

dev-insider.de XSS vulnerability

Open Bug Bounty ID: OBB-650899 Description| Value ---|--- Affected Website:| dev-insider.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Debian: Security Advisory (DLA-1429-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 27 : gnupg (2018-69780fc4d7)

New upstream v1.4.23 1589802,1589620,1589624 - Remove patches included in upstream release - Note that this includes the fix for CVE-2018-12020 ---- - doc Remove documentation for future option faked sys - build Don't use dev srandom on OpenBSD - Do not use C99 feature - g10 Fix regexp...

SIPp 3.6 - Local Buffer Overflow (PoC)

Exploit Title: SIPp 3.6 - Local Buffer Overflow PoC Date: 2018-06-30 Exploit Author: Fakhri Zulkifli Vendor Homepage: http://sipp.sourceforge.net/ Software Link: https://github.com/SIPp/sipp/releases Version: 3.6-dev and earlier Tested on: 3.6-dev $ ./sipp -3pcc python -c ‘print “A” 300' 0 0x4483...

Github Account of Gentoo Linux Hacked, Code Replaced With Malware

Downloaded anything from Gentoo's GitHub account yesterday? Consider those files compromised and dump them now—as an unknown group of hackers or an individual managed to gain access to the GitHub account of the Gentoo Linux distribution on Thursday and replaced the original source code with a...

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM MQ Light (CVE-2015-1788, CVE-2015-1789, CVE-2015-4000)

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by IBM MQ Light. IBM MQ Light has addressed the applicable CVEs. Vulnerability...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ Light (CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM MQ Light. IBM MQ Light has addressed the applicable CVEs. Vulnerability Details CVEI...

haxe-dev code execution vulnerability

haxe-dev is a toolkit for building cross-platform tools and frameworks. A security vulnerability exists in haxe-dev that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with an...

CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

DEBIAN-CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

UBUNTU-CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

Man-in-the-Middle (MitM)

haxe-dev is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10637

haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

Remote code execution

haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

CVE-2016-10637

haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

CVE-2016-10637

CVE-2016-10637 affects haxe-dev, a cross-platform toolkit. The vulnerability arises when haxe-dev downloads binary resources over HTTP, allowing a network-adjacent attacker to perform a MITM and swap the requested binary with an attacker-controlled one, potentially leading to remote code executio...

PT-2018-3349 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.13 Description: The issue is related to an integer overflow in the cpia2 remap buffer function, located in drivers/media/usb/cpia2/cpia2 core.c, which can be exploited to gain read and write access to kernel...

CVE-2018-1118

Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-ne...