Command injection

Barco TransForm N before 3.8 allows Command Injection issue 2 of 4. The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An...

Directory Traversal

Overview com.google.android.play:core is a Google Play Core Library. Affected versions of this package are vulnerable to Directory Traversal. This flaw is in the SplitCompat.install endpoint. A malicious attacker can create an apk which targets a specific application, and if a victim were to...

Consensus Flaw During Block Processing

github.com/ethereum/go-ethereum is having a consensus flaw during block processing. It leads to a chain split, where vulnerable versions refuse to accept the canonical chain...

CVE-2020-26265

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade...

Code injection

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade...

CVE-2020-26265

Go Ethereum (Geth) up to v1.9.19 (inclusive) is affected by a consensus vulnerability that could lead to a chain split where non-canonical chains are rejected. The issue stems from how state/account creation interacted with deleted accounts, causing inconsistent consensus under certain transactio...

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check aka CID-c444eb564fb1.

...

Linux kernel code issue vulnerability (CNVD-2020-68543)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 5.7.5, which stems from a contention condition in split huge pmd in mm huge memoryc, where the copy-on-writ...

PDF Cat Split & Merge Software Exploits a dll Hijacking Vulnerability

PDF Cat Split and Merge Software is a PDF file to merge the operation of the software. PDF Cat Split & Merge Software has a dll hijacking vulnerability, which can be exploited by attackers to load a dll without signing and file verification, resulting in dll hijacking...

DEBIAN-CVE-2020-29368

An issue was discovered in splithugepmd in mm/hugememory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1...

UBUNTU-CVE-2020-29368

An issue was discovered in splithugepmd in mm/hugememory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1...

Linux kernel 竞争条件问题漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 5.7.5, which stems from a contention condition in split huge pmd in mm huge memoryc, where the copy-on-writ...

CVE-2020-26241

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy at 0x00...04 contract di...

CVE-2020-26241

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy at 0x00...04 contract di...

Design/Logic Flaw

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy at 0x00...04 contract di...

CVE-2020-26241 Shallow copy bug in geth

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy at 0x00...04 contract di...

CVE-2020-26241

CVE-2020-26241 is a consensus vulnerability in the Go Ethereum (Geth) client prior to version 1.9.17. A crafted contract can trigger a mismatch between the EVM’s RETURNDATACOPY path and Geth’s execution by exploiting a shallow copy bug in the pre-compiled dataCopy contract (0x0000…04). An attacke...

frr: default permission issue eases information leaks

An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...

IBM WebSphere Application Server 7.0.0.x < 7.0.0.45 / 8.0.0.x < 8.0.0.14 / 8.5.x < 8.5.5.13 / 9.0.x < 9.0.0.5 HTTP Response Splitting (CVE-2017-1503)

The IBM WebSphere Application Server running on the remote host is version 7.0.0.x through 7.0.0.43, 8.0.0.x prior to 8.0.0.14, 8.5.0.x prior to 8.5.5.13 or 9.0.x prior to 9.0.0.5. It is, therefore, affected by an HTTP response splitting vulnerability. An unauthenticated, remote attacker can...

Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats

An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...