9418 matches found

RedHat Linux
added 2020/03/31 8:33 p.m. | 3 views

kernel: ASLR bypass for setuid binaries due to late install_exec_creds()

A flaw in the load_elf_binary() function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because install_exec_creds() is called too late in this function...

CVSS 4.7 | AI score 7.2 | EPSS 0.00011
Exploits: 1 | References: 4

OSV
added 2020/03/18 6:12 p.m. | 3 views

SUSE-SU-2020:0528-1 Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: Java 8.0 was updated to Service Refresh 6 Fix Pack 5 bsc1162972, bsc1160968 - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2019-4732: Untrusted DLL search path vulnerability - CVE-2020-2593: Normalize normalization for all -...

CVSS 8.1 | AI score 6.1 | EPSS 0.01699
Exploits: 0 | References: 8

OSV
added 2020/03/17 3:15 p.m. | 0 views

CVE-2020-10113

cPanel before 84.0.20 allows self XSS via a temporary character-set specification SEC-515...

CVSS 6.1 | AI score 6.4
Exploits: 0 | References: 1

NVD
added 2020/03/17 3:15 p.m. | 9 views

CVE-2020-10113

cPanel before 84.0.20 allows self XSS via a temporary character-set specification SEC-515...

CVSS 6.1 | AI score 6 | EPSS 0.00421
Exploits: 0 | References: 1

Prion
added 2020/03/17 3:15 p.m. | 13 views

Design/Logic Flaw

cPanel before 84.0.20 allows self XSS via a temporary character-set specification SEC-515...

CVSS 4.3 | AI score 5.9 | EPSS 0.00421
Exploits: 0 | References: 1 | Affected Software: 1

ossfuzz
added 2020/03/12 11:49 a.m. | 20 views

esp-v2:service_control_filter_fuzz_test: Global-buffer-overflow in google::api_proxy::service_control::set_response_code_class

Project: https://github.com/GoogleCloudPlatform/esp-v2.git Detailed Report: https://oss-fuzz.com/testcase?key=5753507539058688 Project: esp-v2 Fuzzing Engine: libFuzzer Fuzz Target: service_control_filter_fuzz_test Job Type: libfuzzer_asan_esp-v2 Platform Id: linux Crash Type: Global-buffer-overflow RE...

AI score 6.8
Exploits: 0 | Affected Software: 1

OSV
added 2020/03/10 9:15 p.m. | 2 views

CVE-2020-0047

In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141622311...

CVSS 3.3 | AI score 6.4 | EPSS 0.00031
Exploits: 0 | References: 1

OSV
added 2020/03/10 8:15 p.m. | 1 views

CVE-2020-0037

In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0...

CVSS 7.5 | AI score 7.2
Exploits: 0 | References: 1

RedHat Linux
added 2020/03/10 11:54 a.m. | 2 views

dpdk: possible memory leak leads to denial of service

A flaw was found in dpdk where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition...

CVSS 7.5 | AI score 7.1 | EPSS 0.01074
Exploits: 0 | References: 5

Hacker One
added 2020/03/05 11:58 a.m. | 24 views

Mail.ru: CRLF Injection in 301 Redirect allow to Set-Cookies for mail.ru

CRLF injection in HTTP 301 reply on 1l-go.mail.ru...

AI score 0.2
Exploits: 0

Cvelist
added 2020/03/02 4:35 p.m. | 16 views

CVE-2020-8013 permissions: chkstat sets unintended setuid/capabilities for mrsh and wodim

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be...

CVSS 2.2 | AI score 4 | EPSS 0.00053
Exploits: 0 | References: 2

Hacker One
added 2020/02/27 10:8 p.m. | 230 views

Nord Security: Arbitrary Set-Cookie via "?coupon=" due to semi-colon not encoded

Related to , the separator in the cookie header is semi-colon ; and this issue is caused by semicolon ; not encoded, so the attacker can arbitrarily manipulate cookies. Arbitrary set cookie will cause several problems like: - Session Fixation - Cookie Bomb Client-Side DoS - Etc Vulnerable Endpoin...

AI score 6.8
Exploits: 0

CNVD
added 2020/02/27 12:0 a.m. | 1 views

Linux kernel out-of-bounds read vulnerability (CNVD-2020-14290)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An out-of-bounds read vulnerability exists in set_fdc in drivers/block/floppy.c in Linux kernel 5.5.6 and earlier. An attacker can exploit this vulnerability to cause...

CVSS 7.1 | AI score 6.5 | EPSS 0.00095
Exploits: 0 | References: 1

RedHat Linux
added 2020/02/25 12:14 p.m. | 3 views

kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c

A vulnerability was found in the Linux kernel's generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer than the maximum length of 32 characters, which can cause the system to crash or execute code...

CVSS 9.8 | AI score 6.9 | EPSS 0.0156
Exploits: 0 | References: 4

CNVD
added 2020/02/20 12:0 a.m. | 2 views

Unspecified Vulnerability in Dot-object

Dot-object is a module to convert json objects using dot representation. A security vulnerability exists in Dot-object versions prior to 2.1.3. An attacker can exploit this vulnerability to add or modify Object.prototype properties with the help of the 'set' parameter...

CVSS 6.5 | AI score 6.8 | EPSS 0.0034
Exploits: 1 | References: 1

Trellix
added 2020/02/19 12:0 a.m. | 10 views

Introduction and Application of Model Hacking

ARCHIVED STORY Introduction and Application of Model Hacking By Steve Povolny · February 19, 2020 Catherine Huang, Ph.D., and Shivangee Trivedi contributed to this blog. The term “Adversarial Machine Learning” (AML) is a mouthful! The term describes a research field regarding the study and design o...

AI score 0.4
Exploits: 0

Trellix
added 2020/02/19 12:0 a.m. | 11 views

Introduction and Application of Model Hacking

ARCHIVED STORY Introduction and Application of Model Hacking By Steve Povolny · February 19, 2020 Catherine Huang, Ph.D., and Shivangee Trivedi contributed to this blog. The term “Adversarial Machine Learning” (AML) is a mouthful! The term describes a research field regarding the study and design o...

AI score 7.4
Exploits: 0

BDU FSTEC
added 2020/02/11 12:0 a.m. | 0 views

The vulnerability of the set_text_free function in the Netwide Assembler (NASM) assembly language allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the set_text_free function in the Netwide Assembler (NASM) is related to the execution of operations outside the buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 7.8 | EPSS 0.00297
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2020/02/10 4:15 p.m. | 1 views

CVE-2019-19659

A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html...

CVSS 8.8 | AI score 7.3 | EPSS 0.00177
Exploits: 0 | References: 2

Tenable Nessus
added 2020/02/10 12:0 a.m. | 32 views

Fedora 31 : nodejs-set-value (2020-582515fa8a)

Update to upstream 2.0.1 release for CVE-2019-10747 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 9.8 | AI score 8 | EPSS 0.00493
Exploits: 1 | References: 2