Lucene search
14 matches found

RedhatCVE
added 2024/06/05 1:33 p.m. | 26 views

CVE-2024-36124

A flaw was found in the iq80 Snappy compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed, and thi...

5.3 CVSS | 5.4 AI score | 0.00237 EPSS
Exploits: 0 | References: 4

UbuntuCve
added 2024/06/03 3:15 p.m. | 14 views

CVE-2024-36124

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar securi...

5.3 CVSS | 6.8 AI score | 0.00237 EPSS
Exploits: 0 | References: 2

Cvelist
added 2024/06/03 2:25 p.m. | 21 views

CVE-2024-36124 iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar securi...

5.3 CVSS | 5.2 AI score | 0.00237 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/06/03 2:25 p.m. | 16 views

CVE-2024-36124 iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar securi...

5.3 CVSS | 7.2 AI score | 0.00237 EPSS
Exploits: 0 | References: 1

Pen Test Partners Blog
added 2021/09/14 5:23 a.m. | 21 views

EFB Tampering. Approach and Landing Performance Part 1

Approach and Landing Performance Part 1: Introduction and Landing Distance Calculations. TL;DR: Approach and landing performance applications perform calculations to provide critical performance data to pilots, e.g. speed / flap settings on approach. Modifying any one of these...

6.9 AI score
Exploits: 0

The Hacker News
added 2021/06/30 7:10 a.m. | 78 views

GitHub Launches 'Copilot' — AI-Powered Code Completion Tool

GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been...

7.3 AI score
Exploits: 0

Kitploit
added 2020/09/24 8:30 p.m. | 114 views

PSMDATP - PowerShell Module For Managing Microsoft Defender Advanced Threat Protection

Welcome to the Microsoft Defender Advanced Threat Protection PowerShell module! This module is a collection of easy-to-use cmdlets and functions designed to make it easy to interface with the Microsoft Defender Advanced Threat Protection API. Motivation I created this PowerShell module for MDATP...

7.2 AI score
Exploits: 0 | References: 3

Tenable Nessus
added 2020/03/26 12:0 a.m. | 55 views

FreeBSD : rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix) (40194e1c-6d89-11ea-8082-80ee73419af3)

When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269. The previous fix was incomplete, which addressed JSON.parse(user_input), but didn't address some other...

7.5 CVSS | 7.3 AI score | 0.17317 EPSS
Exploits: 0 | References: 3

RubySec
added 2020/03/19 12:0 a.m. | 69 views

Unsafe Object Creation Vulnerability in JSON (Additional fix)

When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269. The previous fix was incomplete, which addressed JSON.parse(user_input), but didn’t address some other...

7.5 CVSS | 1.3 AI score | 0.05892 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

ThreatPost
added 2019/09/20 12:25 p.m. | 108 views

Mattress Company Leaks Data Records of 387K Customers

A Wisconsin mattress company leaked the records of 387,000 customers online in a database that lacked password protection, a security researcher has found. The incident once again demonstrates the potential security consequences of failing to take even the simplest security measures to protect...

0.7 AI score
Exploits: 0 | References: 7

Hacker One
added 2019/05/28 6:58 p.m. | 13 views

curl: Signed integer overflow in tool_progress_cb()

Summary: Good afternoon curl security! I built this curl from commit 8144ba38c383718355d8af2ed8330414edcbbc83. We discovered a signed integer overflow in tool_progress_cb. Steps To Reproduce: Compiled with the Undefined Behavior Sanitizer enabled. Ran with the following command line: ./curl -q - -T...

2.7 AI score
Exploits: 0

Tenable Nessus
added 2016/03/07 12:0 a.m. | 36 views

SUSE SLED11 Security Update : compat-openssl097g (SUSE-SU-2016:0631-1) (DROWN)

This update for compat-openssl097g fixes the following issues: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA...

10 CVSS | 7.8 AI score | 0.90348 EPSS
Exploits: 3 | References: 22

OpenSSL
added 2016/03/01 12:0 a.m. | 49 views

Vulnerability in OpenSSL - BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption

In the BN_hex2bn function the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This can leave the internal BIGNUM data field as NUL...

7.8 AI score | 0.34192 EPSS
Exploits: 1 | Affected Software: 1

myhack58
added 2014/07/04 12:0 a.m. | 13 views

Mastery OA 2011-2013 pass to kill GETSHELL-a vulnerability warning-the black bar safety net

Statement: This program applied to a lot of government agencies, educational institutions, as well as the large stream companies China Telecom, etc.! Please after reading this don't try to for any use of the program website destruction attack invasion, etc... I made this post purely technical...

8.1 AI score
Exploits: 0