1779 matches found
openSUSE Security Update : links (openSUSE-2019-2185)
This update for links fixes the following issues: links was updated to 2.20.1: libevent bug fixes. links was updated to 2.20: Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with...
OPENSUSE-SU-2019:2185-1 Security update for links
This update for links fixes the following issues: links was updated to 2.20.1: libevent bug fixes links was updated to 2.20: Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with...
Security update for links (moderate)
openSUSE Security Update: Security update for links Announcement ID: openSUSE-SU-2019:2185-1 Rating: moderate References: 1149886 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that contains security fixes can now be...
Security update for the Linux Kernel (important)
openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2019:2173-1 Rating: important References: 1047238 1050911 1051510 1054914 1056686 1060662 1061840 1061843 1064597 1064701 1065600 1065729 1066369 1071009 1071306 1078248 1082555 1085030 1085536 1085539...
curl: Potential invocation of qsort on uninitialized memory during cookie save
Summary: If cookiejar is set, cookies are written to file at exit. That is done by the function cookie_output in cookie.c. The cookies are sorted before being stored, using qsort on a temporary array. That temporary array is uninitialized gotten from malloc at...
V8 Map Migration Type Confusion
v8 Map migration doesn't respect element kind, leading to type confusion. The following sample, found by Fuzzilli and manually simplified, crashes d8 built from HEAD in both debug and release configuration: function main() { const v2 = {foo:1.1}; Object.seal(v2); Object.preventExtensions(v2); Object.freeze(v...
Semmle: Privilege escalation in workers container
Summary about the bugs: In the prepare step, Semmle allows the user to install a new package. By uploading a malicious package along with source code and forcing the server to build this package, an attacker will gain root access to the container. Steps: 1. Create a malicious package that contains the backdoor: I use th...
CVE-2019-8451
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. Recent assessments: h0ffayyy at September...
ciclife.ciclife.co.kr Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-960498. Security Researcher Renzi (helped patch 6742 vulnerabilities, received 8 Coordinated Disclosure badges, received 36 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting ciclife.ciclife.co.kr website...
Enigma NMS 65.0.0 - SQL Injection
Exploit Title: Enigma NMS searchpattern SQL Injection. Date: 21 July 2019. Author: Mark Cross @xerubus | mogozobo.com. Vendor: NETSAS Pty Ltd. Vendor Homepage: https://www.netsas.com.au/ Software...
CVE-2019-2124
In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure...
CVE-2019-2389
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...
CVE-2014-9982
CVE-2014-9982 entry is rejected/not used per the initial description.
Quantopian: Cross-site scripting via hardcoded front-end watched expression.
Hello, favorite security team. This is so far the most interesting XSS I've found on your website. And also this is the 10th bug I report to you, so I'm gonna celebrate. Summary: Via hardcoded front-end code in algo debugger one is able to execute XSS on algorithm collaborator. One is able to use python to...
Webkit JSC JIT ArgumentsEliminationPhase::transform Uninitialized Variable Access
https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp#L743 case GetByVal: ... unsigned numberOfArgumentsToSkip = 0; if (candidate->op() == PhantomCreateRest) numberOfArgumentsToSkip = candidate->numberOfArgumentsToSkip();...
GitLab: Git flag injection - Search API with scope 'blobs'
As requested from @hackerjuan, breaking this out of https://hackerone.com/reports/658013 for easier tracking. Summary: GitLab 12.1.6 fixed the wiki_blobs scope of the search API, but the blobs scope is still vulnerable to git flag injection and allows reading any file in /var/opt/gitlab/gitaly...
opensc:fuzz_pkcs15_reader: Global-buffer-overflow in fuzz_pkcs15_reader.c
Project: https://github.com/OpenSC/OpenSC.git Detailed Report: https://oss-fuzz.com/testcase?key=5648490046160896 Project: opensc Fuzzing Engine: libFuzzer Fuzz Target: fuzz_pkcs15_reader Job Type: libfuzzer_asan_opensc Platform Id: linux Crash Type: Global-buffer-overflow READ 4 Crash Address:...
Webmin 1.920 Remote Root
#!/usr/bin/perl -w # Webmin 1.920 Remote Root Exploit # Copyright 2019 (c) Todor Donev # Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages caused by dire...
graphicsmagick:coder_TIFF_fuzzer: Use-of-uninitialized-value in TIFFYCbCrtoRGB
Project: http://hg.code.sf.net/p/graphicsmagick/code Detailed Report: https://oss-fuzz.com/testcase?key=5681613295321088 Project: graphicsmagick Fuzzing Engine: libFuzzer Fuzz Target: coder_TIFF_fuzzer Job Type: libfuzzer_msan_graphicsmagick Platform Id: linux Crash Type: Use-of-uninitialized-value...
CVE-2014-10375
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header...