
444 matches found

OSV
added 2019/09/27 7:15 p.m., 2 views

CVE-2019-9414

In wpasupplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.9 CVSS, 6.8 AI score, 0.00565 EPSS
Exploits 0, References 1
BDU FSTEC
added 2019/09/02 12:0 a.m., 2 views

The vulnerability of the IS-IS routing protocol implementation in Cisco IOS XR allows an attacker to cause a service failure.

The vulnerability of the IS-IS routing protocol implementation in Cisco IOS XR operating systems is related to errors in the processing of IS-IS protocol data packets. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.4 CVSS, 5.5 AI score, 0.00525 EPSS
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2019/08/07 9:0 p.m., 11 views

CVE-2019-1910 Cisco IOS XR Software Intermediate System to Intermediate System Denial of Service Vulnerability

A vulnerability in the implementation of the Intermediate System-to-Intermediate System (IS-IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect...

7.4 CVSS, 6.9 AI score, 0.00447 EPSS
Exploits 0, References 1
Veracode
added 2019/07/08 12:41 p.m., 16 views

Insecure Access Controls

NuGet Package Manager uses insecure access controls. An authenticated attacker is able to tamper with and modify the contents of the intermediate build folder obj...

5.5 CVSS, 5.5 AI score, 0.01151 EPSS
Exploits 0, References 3, Affected Software 1
OSV
added 2019/05/16 7:29 p.m., 4 views

CVE-2019-0976

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'...

5.5 CVSS, 5.8 AI score, 0.01151 EPSS
Exploits 0, References 2
UbuntuCve
added 2019/05/16 7:29 p.m., 21 views

CVE-2019-0976

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'...

5.5 CVSS, 6.4 AI score, 0.01151 EPSS
Exploits 0, References 2
CVE
added 2019/05/16 6:24 p.m., 74 views

CVE-2019-0976

CVE-2019-0976 describes a tampering vulnerability in the NuGet Package Manager for Linux and Mac. An authenticated attacker could modify contents of the intermediate build folder (by default obj), potentially affecting binaries produced by a build. The root cause cited in the Microsoft advisory i...

5.5 CVSS, 5.4 AI score, 0.01151 EPSS
Exploits 0, References 2, Affected Software 1
Kitploit
added 2019/02/28 8:55 p.m., 162 views

Angr - A Powerful And User-Friendly Binary Analysis Platform

angr is a platform-agnostic binary analysis framework. It is brought to you by the Computer Security Lab at UC Santa Barbara, SEFCOM at Arizona State University, their associated CTF team, Shellphish, the open source community, and @rhelmot. What? angr is a suite of Python 3 libraries that let yo...

7.1 AI score
Exploits 0, References 3
BDU FSTEC
added 2018/12/18 12:0 a.m., 3 views

The vulnerability of the Squid proxy server, related to accessing beyond the allocated buffer memory, allows attackers to cause a service failure.

The vulnerability of the Squid proxy server is related to an error that causes data to exceed the allocated memory buffer when processing ESI responses or loading certificates from intermediate certification centers. Exploiting this vulnerability can allow a malicious actor to cause service...

7.5 CVSS, 6.8 AI score, 0.13348 EPSS
Exploits 0, References 2, Affected Software 1
Kitploit
added 2018/11/28 12:30 p.m., 61 views

Miasm - Reverse Engineering Framework In Python

Miasm is a free and open source GPLv2 reverse engineering framework. Miasm aims to analyze / modify / generate binary programs. Here is a non exhaustive list of features: Opening / modifying / generating PE / ELF 32 / 64 LE / BE using Elfesteem Assembling / Disassembling X86 / ARM / MIPS / SH4 /...

7.9 AI score
Exploits 0, References 11
OPENSUSE Linux
added 2018/09/25 3:10 p.m., 45 views

Security update for shadow (moderate)

This update for shadow fixes the following security issue: - CVE-2018-16588: Prevent useradd from creating intermediate directories with mode 0777 (bsc1106914). This update was imported from the SUSE:SLE-15:Update update project...

1.5 AI score, 0.00301 EPSS
Exploits 0, References 1
OSV
added 2018/03/14 5:37 p.m., 8 views

SUSE-SU-2018:0678-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc1074562, bsc1068032) - CVE-2018-5683: The vgadrawtext function...

8.8 CVSS, 8.1 AI score, 0.93838 EPSS
Exploits 14, References 28
Tenable Nessus
added 2018/03/09 12:0 a.m., 35 views

SUSE SLES12 Security Update : squid (SUSE-SU-2018:0636-1)

This update for squid fixes the following issues: Security issues fixed : - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esiparser (bsc1077003). - CVE-2018-1000027: DoS fix caused by incorrect pointer handling when...

7.5 CVSS, 6.6 AI score, 0.13348 EPSS
Exploits 0, References 7
Citrix
added 2018/03/05 12:0 a.m., 6 views

The XenMobile server is not sending the required intermediate certificate

Whenever verifying the certificate for XenMobile on https://www.digicert.com/help/ you get the following: The server is not sending the required intermediate certificate...

7.2 AI score
Exploits 0
Tenable Nessus
added 2018/02/05 12:0 a.m., 35 views

Debian DLA-1266-1 : squid3 security update

Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA certificate downloading. CVE-2018-1000024 Incorrect pointer handling resulted in the ability of a remote server to...

7.5 CVSS, 6.5 AI score, 0.13348 EPSS
Exploits 0, References 4
Debian
added 2018/02/02 2:42 p.m., 36 views

[SECURITY] [DLA 1266-1] squid3 security update

Package : squid3 Version : 3.1.20-2.2+deb7u8 CVE ID : CVE-2018-1000024 CVE-2018-1000027 Debian Bug : 888719 888720 Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with ESI response processing and intermediate CA...

7.5 CVSS, 6.7 AI score, 0.13348 EPSS
Exploits 0
CNVD
added 2017/04/06 12:0 a.m., 2 views

ProFTPD Local Security Bypass Vulnerability

ProFTPD is an FTP server program for Unix or Unix-like platforms such as Linux, FreeBSD, etc. A local security bypass vulnerability exists in ProFTPD version 1.3.6 before 1.3.5e and 1.3.6 before 1.3.6rc5, which allows a local attacker to bypass the AllowChrootSymlinks control by replacing one of...

5.5 CVSS, 5.5 AI score, 0.00419 EPSS
Exploits 0, References 1
OSV
added 2017/04/05 5:59 p.m., 1 views

DEBIAN-CVE-2015-4680

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates...

7.5 CVSS, 7.6 AI score, 0.01791 EPSS
Exploits 0, References 1
OSV
added 2017/04/05 5:59 p.m., 0 views

UBUNTU-CVE-2015-4680

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates...

7.5 CVSS, 7.3 AI score, 0.01791 EPSS
Exploits 0, References 4
Cvelist
added 2017/04/05 5:0 p.m., 26 views

CVE-2015-4680

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates...

7.5 AI score, 0.01791 EPSS
Exploits 0, References 7