EulerOS 2.0 SP2 : dovecot (EulerOS-SA-2019-2372)

According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI...

The vulnerability of the String#unpack method in the Ruby programming language allows attackers to exploit it to disclose protected information.

The vulnerability of the Stringunpack method in the Ruby programming language is related to the use of uncontrolled format strings. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information that is protected by this method...

Commands and Tools for Embedded Reverse Engineering

We’ve been training a lot of people to look at embedded systems. The training is intensive, and it can be hard to remember all the commands and tools used. This is just a quick rundown of those tools with enough information to jog your memory! Basic Commands If we want to see the content of a fil...

patch: do_ed_script in pch.c does not block strings beginning with a ! character

A flaw was found in GNU patch through version 2.7.6. Strings beginning with a exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...

Security update for libidn2 (moderate)

openSUSE Security Update: Security update for libidn2 Announcement ID: openSUSE-SU-2019:2611-1 Rating: moderate References: 1154884 1154887 Cross-References: CVE-2019-12290 CVE-2019-18224 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description:...

Regular Expression Denial of Service

Overview All versions of markdown are vulnerable to Regular Expression Denial of Service ReDoS. The markdown.toHTML function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input. Recommendation...

Arbitrary Code Execution

symfony/symfony is vulnerable to arbitrary code execution. The vulnerability exists as the VarExporter does not properly escape strings, allowing strings with newlines to be executed...

Memory corruption

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output...

CVE-2010-4657

CVE-2010-4657 affects PHP5 prior to 5.4.4. The flaw allows passing invalid UTF-8 strings to xmlTextWriterWriteAttribute, which are misparsed by libxml2, causing a memory leak in the produced output. The vulnerability is triggered through the attribute-writing path and is not described as exploita...

CVE-2019-11325: Fix escaping of strings in VarExporter

More info at https://symfony.com/cve-2019-11325...

Multiple vulnerabilities exist in the functions cdio_log_handler (modules/access/cdda/access.c) of the CDDA plugin (libcdda_plugin), and in the cdio_log_handler and vcd_log_handler functions (modules/access/vcdx/access.c) of the VCDX plugin (libvcdx_plugin). These vulnerabilities allow an attacker to execute arbitrary code.

Multiple vulnerabilities exist in the functions cdiologhandler modules/access/cdda/access.c of the CDDA plugin libcddaplugin, and in the cdiologhandler and vcdloghandler functions modules/access/vcdx/access.c of the VCDX plugin libvcdxplugin of the VideoLAN VLC media player software. These...

[SECURITY] Fedora 31 Update: python2-2.7.17-1.fc31

Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been...

patch: do_ed_script in pch.c does not block strings beginning with a ! character

A flaw was found in GNU patch through version 2.7.6. Strings beginning with a exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...

patch: do_ed_script in pch.c does not block strings beginning with a ! character

A flaw was found in GNU patch through version 2.7.6. Strings beginning with a exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...

CVE-2019-11500

A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

Schneider Electric Modicon M580 UMAS cleartext data transmission vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An attacker can sniff network traffic to exploit this vulnerability. Tested Versions Schneider Electric...

Fenrir - Simple Bash IOC Scanner

Fenrir is a simple IOC scanner bash script. It allows scanning Linux/Unix/OSX systems for the following Indicators of Compromise IOCs: Hashes MD5, SHA1 and SHA256 using md5sum, sha1sum, sha -a 256 File Names string - checked for substring of the full path, e.g. "temp/p.exe" in "/var/temp/p.exe"...

UBUNTU-CVE-2019-17113

In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlugInstrumentName and ModPlugSampleName in libopenmptmodplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow...

patch: do_ed_script in pch.c does not block strings beginning with a ! character

A flaw was found in GNU patch through version 2.7.6. Strings beginning with a exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...

CVE-2019-12677

A vulnerability in the Secure Sockets Layer SSL VPN feature of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to cause a denial of service DoS condition that prevents the creation of new SSL/Transport Layer Security TLS connections to an affected...