philipp-frueh.com Cross Site Scripting vulnerability OBB-3615812

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

bibliothek.philipp-reis-schule.de Cross Site Scripting vulnerability OBB-3544935

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

A Bootiful Podcast: Elastic's Philipp Krenn

Hi Spring fans! Welcome to another installment of a Bootiful Podcast! In this installment, Josh Long talks to Elastic's Philipp Krenn, live from Spring IO 2023 in beautiful Barcelona, Spain!...

bibliothek.philipp-reis-schule.de Cross Site Scripting vulnerability OBB-3452492

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Mozilla: Memory safety bugs fixed in Firefox ESR 102.8

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

Mozilla: Memory safety bugs fixed in Firefox ESR 102.8

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

Mozilla: Memory safety bugs fixed in Firefox ESR 102.8

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

Mozilla: Memory safety bugs fixed in Firefox ESR 102.8

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

Mozilla: Memory safety bugs fixed in Firefox ESR 102.8

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

Mozilla: Memory safety bugs fixed in Firefox ESR 102.8

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

GHSA-PWCW-6F5G-GXF8 Helm vulnerable to information disclosure via getHostByName Function

A Helm contributor discovered an information disclosure vulnerability using the getHostByName template function. Impact getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the...

Helm vulnerable to information disclosure via getHostByName Function

A Helm contributor discovered an information disclosure vulnerability using the getHostByName template function. Impact getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the...

philippheltewig.de Improper Access Control vulnerability OBB-2397367

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Security Advisory 2020-01-31-2 - libubox tagged binary data JSON serialization vulnerability (CVE-2020-7248)

DESCRIPTION Possibly exploitable vulnerability exists in the libubox library of OpenWrt, specifically in the parts related to JSON conversion of tagged binary data, so called blobs. An attacker could possibly exploit this behavior by providing specially crafted binary blob or JSON which would the...

CVE-2019-11758

Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This...

CANalyzat0r - Security Analysis Toolkit For Proprietary Car Protocols

This software project is a result of a Bachelor's thesis created atSCHUTZWERK in collaboration with Aalen University by Philipp Schmied. Please refer to the correspondingblog post for more information. Why another CAN tool? Built from scratch with new ideas for analysis mechanisms Bundles feature...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3836-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3836-1 advisory. Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could...

Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3836-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3836-2 advisory. USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

Ubuntu 18.10 : linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3835-1)

Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. CVE-2018-17972 Jann Horn discovered that the mremap system...

USN-3833-1: Linux kernel (AWS) vulnerabilities

Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. CVE-2018-18955 Philipp Wendler discovered that the overlayfs implementati...