Exploit for CVE-2020-0609

This is a PoC exploit for CVE-2020-0609 and CVE-2020-0610, two v...

Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.6.0 Security Update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

DEBIAN-CVE-2019-5064

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a...

wolfSSL buffer overflow vulnerability (CNVD-2019-41425)

wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A buffer overflow vulnerability exists in the DecodedCert structure of GetName in wolfcrypt/src/asn.c file in wolfSSL versions 4.1.0...

kube-apiserver: DoS with crafted patch of type json-patch

A denial of service vulnerability was found in the Kubernetes API server. A remote user, with authorization to apply patches, could exploit this via crafted JSON input, causing excessive consumption of resources and subsequent denial of service...

jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files...

AutoRecon - Multi-Threaded Network Reconnaissance Tool Which Performs Automated Enumeration Of Services

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments e.g. OSCP. It may also be useful in real-world engagements. The tool works by firstly...

SUSE-SU-2019:2042-1 Security update for python-Django

This update for python-Django fixes the following issues: - Fixed CVE-2019-6975 bsc1124991 Added CVE-2019-6975.patch to fix uncontrolled memory consumption If django.utils.numberformat.format -- used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters -...

CVE-2016-10843

cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API SEC-76...

kube-apiserver: DoS with crafted patch of type json-patch

A denial of service vulnerability was found in the Kubernetes API server. A remote user, with authorization to apply patches, could exploit this via crafted JSON input, causing excessive consumption of resources and subsequent denial of service...

Important: Red Hat Security Advisory: Red Hat Decision Manager 7.4.0 Security Update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...

DEBIAN-CVE-2019-13619

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments...

UBUNTU-CVE-2019-13619

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments...

Fastjson Remote Code Execution Vulnerability (CNVD-2019-22238)

Fastjson is an open source JSON parsing library , it can parse JSON format strings , support for Java Bean serialized to JSON strings , you can also deserialize from JSON strings to JavaBean. Fastjson has a remote code execution vulnerability that can be exploited by an attacker via a carefully...

Directory traversal

Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location dot-dot-slash notation to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application's java...

UBUNTU-CVE-2013-7285

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON...

DEBIAN-CVE-2013-7285

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON...

UBUNTU-CVE-2019-10691

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...

openSUSE Security Update : znc (openSUSE-2019-571)

This update for znc fixes the following issues : - Update to version 1.7.1 - CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 - CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...

DEBIAN-CVE-2019-9209

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values...