Lucene search

7440 matches found

Cvelist
added 2020/07/29 5:29 p.m., 29 views

CVE-2019-20029

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including a...

AI score 8.8, EPSS 0.01578
Exploits 0, References 1
GithubExploit
added 2020/07/27 10:23 p.m., 4 views

onefuzz

:exclamation: IMPORTANT NOTICE :exclamation: August 31...

AI score 7
Exploits 0
IBM Security Bulletins
added 2020/07/27 6:55 p.m., 35 views

Security Bulletin: IBM API Connect is vulnerable to a denial of service vulnerability in Oracle MySQL (CVE-2020-2589)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-2589 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high...

CVSS 4.9, AI score 1.7, EPSS 0.01878
Exploits 0, Affected Software 1
Hacker One
added 2020/07/25 5:56 a.m., 98 views

Ruby on Rails: Server-side template injection at ujs test server

I have found in the server code for testing ujs in Rails that template injection is possible and that leads to rce. code https://github.com/rails/rails/blob/v6.0.3.2/actionview/test/ujs/server.rb ruby module UJS class Server Blade::Assets.environment get "/" = "testsindex" match "/echo" =...

AI score 0.3
Exploits 0
ThreatPost
added 2020/07/22 9:8 p.m., 44 views

Apple Security Research Device Program Draws Mixed Reactions

Apple’s long anticipated Security Research Device program has launched, giving select security researchers access to testable iPhones that will make it easier for them to find iOS vulnerabilities. The program offers security researchers specially configured iPhones with shell access, and special...

AI score 7.5
Exploits 0, References 4
OSV
added 2020/07/22 5:15 p.m., 1 view

DEBIAN-CVE-2020-6530

Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

CVSS 8.8, AI score 9, EPSS 0.01493
Exploits 1, References 1
OSV
added 2020/07/22 5:15 p.m., 1 view

DEBIAN-CVE-2020-6518

Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 8.2, EPSS 0.02553
Exploits 0, References 1
NVD
added 2020/07/22 5:15 p.m., 13 views

CVE-2020-6518

Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page...

CVSS 9.3, AI score 9.1, EPSS 0.02553
Exploits 0, References 11
OSV
added 2020/07/22 5:15 p.m., 6 views

CVE-2020-6518

Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 9.5
Exploits 0, References 11
Prion
added 2020/07/22 5:15 p.m., 14 views

Design/Logic Flaw

Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

CVSS 6.8, AI score 8.8, EPSS 0.01493
Exploits 1, References 11, Affected Software 5
UbuntuCve
added 2020/07/22 5:15 p.m., 27 views

CVE-2020-6518

Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page...

CVSS 9.3, AI score 7.3, EPSS 0.02553
Exploits 0, References 1
OSV
added 2020/07/22 5:15 p.m., 0 views

UBUNTU-CVE-2020-6530

Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

CVSS 8.8, AI score 5.8, EPSS 0.01493
Exploits 1, References 2
OSV
added 2020/07/22 5:15 p.m., 1 view

UBUNTU-CVE-2020-6518

Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 7.3, EPSS 0.02553
Exploits 0, References 2
Cvelist
added 2020/07/22 4:16 p.m., 16 views

CVE-2020-6530

Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

AI score 8.9, EPSS 0.01493
Exploits 1, References 11
CVE
added 2020/07/22 4:16 p.m., 284 views

CVE-2020-6530

CVE-2020-6530 affects Google Chrome (Chromium-based) with an out-of-bounds memory access in Developer Tools prior to 84.0.4147.89. A user-assisted exploit via a crafted malicious extension could potentially cause heap corruption. The connected advisories indicate fixes in Chrome/Chromium branches...

CVSS 8.8, AI score 8.7, EPSS 0.01493
Exploits 1, References 11, Affected Software 1
CVE
added 2020/07/22 4:16 p.m., 208 views

CVE-2020-6518

CVE-2020-6518: Use-after-free in Google Chrome’s developer tools prior to 84.0.4147.89, enabling a remote attacker who entices a user to use devtools to potentially trigger heap corruption via a crafted HTML page. Affected product: Google Chrome (Developer Tools). Root cause: use-after-free in de...

CVSS 9.3, AI score 9, EPSS 0.02553
Exploits 0, References 11, Affected Software 1
Debian CVE
added 2020/07/22 4:16 p.m., 24 views

CVE-2020-6518

Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page...

CVSS 9.3, AI score 9.5, EPSS 0.02553
Exploits 0
Tenable Nessus
added 2020/07/21 12:0 a.m., 35 views

openSUSE Security Update : chromium (openSUSE-2020-1020)

This update for chromium fixes the following issues : - Update to 84.0.4147.89 boo1174189 : - Critical CVE-2020-6510: Heap buffer overflow in background fetch. - High CVE-2020-6511: Side-channel information leakage in content security policy. - High CVE-2020-6512: Type Confusion in V8. - High...

CVSS 9.6, AI score 7.9, EPSS 0.1132
Exploits 13, References 27
Microsoft Secure
added 2020/07/20 8:0 p.m., 35 views

Hello open source security! Managing risk with software composition analysis

When first learning to code many people start with a rudimentary “Hello World” program. Building the program teaches developers the basics of a language as they write the code required to display “Hello World” on a screen. As developers get more skilled, the complexity of the programs they build...

AI score 7.5
Exploits 0
OSV
added 2020/07/20 2:26 p.m., 8 views

OPENSUSE-SU-2020:1020-1 Security update for chromium

This update for chromium fixes the following issues: - Update to 84.0.4147.89 boo1174189: Critical CVE-2020-6510: Heap buffer overflow in background fetch. High CVE-2020-6511: Side-channel information leakage in content security policy. High CVE-2020-6512: Type Confusion in V8. High CVE-2020-6513...

CVSS 9.6, AI score 8.2, EPSS 0.1132
Exploits 13, References 28