CVE-2019-20446

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...

Debian DLA-2057-1 : pillow security update

It was discovered that there were three vulnerabilities in Pillow, an imaging library for the Python programming language : - CVE-2019-19911: Prevent a denial of service vulnerability caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is...

Ruby Information Disclosure Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the software developer Gyohiro Matsumoto. A security vulnerability exists in Ruby. An attacker can exploit this vulnerability by hijacking a session through a timing attack on the session ID...

Important: libyang security update

The libyang package provides a library for YANG data modeling language. libyang is a YANG data modelling language parser and toolkit written and providing API in C. The library is used e.g. in libnetconf2, Netopeer2, sysrepo and FRRouting projects. Security Fixes: libyang: stack-based buffer...

How we developed our simple Harbour decompiler

https://github.com/KasperskyLab/hbdec Every once in a while we get a request that leaves us scratching our heads. With these types of requests, existing tools are usually not enough and we have to create our own custom tooling to solve the "problem". One such request dropped onto our desk at the...

Moderate: Red Hat Enhancement Advisory: new packages: go-toolset-1.12

New go-toolset-1.12 packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. This enhancement update adds the go-toolset-1.12 packages to Red Hat Develope...

HadSky has an XSS vulnerability

HadSky Light Forum is a newborn original PHP MySQL open source system , the main goal is to achieve light , fast , simple , full , 100% original open source system . HadSky XSS vulnerability , attackers can exploit the vulnerability to obtain administrator cookie information...

ALPINE-CVE-2019-16254

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

[SECURITY] Fedora 30 Update: golang-1.12.13-1.fc30

The Go Programming Language...

Fedora Update for golang FEDORA-2019-34e097c66c

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for python2-docs FEDORA-2019-74ba24605e

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for python2-docs FEDORA-2019-758824a3ff

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Moderate: Red Hat Security Advisory: lua security and bug fix update

An update for lua is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

lua security and bug fix update

An update is available for lua. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The lua packages provide support for Lua, a powerful light-weight programming...

Moderate: lua security and bug fix update

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: use-after-free in luaupvaluejoin in lapi.c resulting in denial of service...

Moderate: python27:2.7 security and bug fix update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fixes: numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code execution...

[SECURITY] Fedora 31 Update: golang-1.13.3-1.fc31

The Go Programming Language...

[SECURITY] Fedora 29 Update: golang-1.11.13-2.fc29

The Go Programming Language...

[SECURITY] Fedora 30 Update: golang-1.12.10-1.fc30

The Go Programming Language...

Designing a COM library for Rust

I interned with Microsoft as a Software Engineering Intern in the MSRC UK team in Cheltenham this past summer. I worked in the Safe Systems Programming Language SSPL group, which explores safe programming languages as a proactive measure against memory-safety related vulnerabilities. This blog po...