CVE-2018-6948

In CCN-lite 2, the function ccnlprefixtostrdetailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNLMAXPREFIXSIZE; the buffer has the size CCNLMAXPREFIXSIZE. However, when NFN is enabled, additional characters are written to the buffer...

EUVD-2018-18692

Malware in sbrugna...

EUVD-2022-33182

Malicious code in bioql PyPI...

CVE-2022-28743

Time-of-check Time-of-use TOCTOU Race Condition vulerability in Foscam R2C IP camera running System FW = 1.13.1.6, and Application FW = 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of...

Foscam R2C IP Conditional Competition Vulnerability

Foscam R2C IP, a webcam from Foscam China, is a conditional contention vulnerability that could be exploited by remote attackers to gain full remote access to the IP camera and the underlying Linux system with root privileges...

CVE-2022-28743

Time-of-check Time-of-use TOCTOU Race Condition vulerability in Foscam R2C IP camera running System FW = 1.13.1.6, and Application FW = 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of...

CVE-2022-28743

Time-of-check Time-of-use TOCTOU Race Condition vulerability in Foscam R2C IP camera running System FW = 1.13.1.6, and Application FW = 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of...

CVE-2022-28743

Time-of-check Time-of-use TOCTOU Race Condition vulerability in Foscam R2C IP camera running System FW = 1.13.1.6, and Application FW = 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of...

Race condition

Time-of-check Time-of-use TOCTOU Race Condition vulerability in Foscam R2C IP camera running System FW = 1.13.1.6, and Application FW = 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of...

CVE-2022-28743

The CVE-2022-28743 entry concerns the Foscam R2C IP camera. A TOCTOU race condition in System FW (<= 1.13.1.6) and Application FW (

CVE-2022-28743

Time-of-check Time-of-use TOCTOU Race Condition vulerability in Foscam R2C IP camera running System FW = 1.13.1.6, and Application FW = 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of...

Foscam R2C IP 安全漏洞

Foscam R2C IP, a webcam from Foscam China, is a conditional contention vulnerability that could be exploited by remote attackers to gain full remote access to the IP camera and the underlying Linux system with root privileges...

Keeping A Critical Eye on IoT Devices

Keeping a Critical Eye on IoT Devices By Sam Quinn · April 21, 2022 Trellix Labs is excited to announce the beginning of a new video series which captures one of our senior vulnerability researchers work on hacking an IoT device from beginning to end. This will conclude with the releasing of a ne...

Keeping A Critical Eye on IoT Devices

Keeping a Critical Eye on IoT Devices By Sam Quinn · April 21, 2022 Trellix Labs is excited to announce the beginning of a new video series which captures one of our senior vulnerability researchers work on hacking an IoT device from beginning to end. This will conclude with the releasing of a ne...

regular expression denial-of-service (ReDoS) in Bleach

Impact bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'. Patches 3.1.4 Workarounds d...

filecrawl (>=1.0.0 <=1.0.0b2), hackingtools (>=0.9.94 <=2.0.3) +2 more potentially affected by CVE-2019-19275 via typed-ast (=1.3.1)

typed-ast PYPI version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on typed-ast and may be impacted: - filecrawl =1.0.0, =0.9.94, =0.0.9, =0.0.1, =0.0.3 Source cves: CVE-2019-19275 Source advisory: OSV:GHSA-7XXV-WPXJ-MX5V...

filecrawl (>=1.0.0 <=1.0.0b2), hackingtools (>=0.9.94 <=2.0.3) +2 more potentially affected by CVE-2019-19274 via typed-ast (=1.3.1)

typed-ast PYPI version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on typed-ast and may be impacted: - filecrawl =1.0.0, =0.9.94, =0.0.9, =0.0.1, =0.0.3 Source cves: CVE-2019-19274 Source advisory: OSV:GHSA-M3JW-62M7-JJCM...

CVE-2018-6948

In CCN-lite 2, the function ccnlprefixtostrdetailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNLMAXPREFIXSIZE; the buffer has the size CCNLMAXPREFIXSIZE. However, when NFN is enabled, additional characters are written to the buffer...

Buffer overflow

In CCN-lite 2, the function ccnlprefixtostrdetailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNLMAXPREFIXSIZE; the buffer has the size CCNLMAXPREFIXSIZE. However, when NFN is enabled, additional characters are written to the buffer...

CVE-2018-6948

In CCN-lite 2, the function ccnlprefixtostrdetailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNLMAXPREFIXSIZE; the buffer has the size CCNLMAXPREFIXSIZE. However, when NFN is enabled, additional characters are written to the buffer...