kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service

By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the /proc//cmdline or /proc//environ files to block indefinitely...

kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service

By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the /proc//cmdline or /proc//environ files to block indefinitely...

CVE-2018-16396

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

iOS 12 adoption and performance - what it means for your business's app

On September 17th, Apple released iOS 12. And while many innovative new features were announced, the very first feature listed in the release notes was "Performance." Earlier this year, Apple was heavily criticized for throttling CPU speeds on mobile devices, which drastically affected their...

GNU Binutils Binary File Descriptor library null pointer dereference vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...

CVE-2018-18606

CVE-2018-18606 affects GNU Binutils (libbfd). The issue is a NULL pointer dereference in _bfd_add_merge_section during merging of sections with large alignments, enabling DoS via crafted ELF. Multiple vendors document this under Binutils remediation; confirmed fixes involve upgrading Binutils to ...

GHSA-QHV9-728R-6JQG ReDoS via long string of semicolons in tough-cookie

Affected versions of tough-cookie may be vulnerable to regular expression denial of service when long strings of semicolons exist in the Set-Cookie header. Recommendation Update to version 2.3.0 or later...

XenoScan - Open Source Memory Scanner Written In C++

XenoScan is a memory scanner which can be used to scan the memory of processes to locate the specific locations of important values. These types of tools are typically used when hacking video games, as they allow one to locate the values representing the game's state in memory. XenoScan is writte...

CVE-2018-14822

Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code...

CVE-2018-14822

CVE-2018-14822 affects Entes EMG12 Ethernet Modbus Gateway firmware v2.57 and earlier. The vulnerability is an information exposure through query strings in the web interface, which may allow an attacker to impersonate a legitimate user and, per the connected sources, execute arbitrary code. The ...

CVE-2018-14822

Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code...

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to regular expression denial of service ReDoS. The vulnerability exists because the string parser does not use proper regular expressions to filter out malicious strings passing to it...

Ubuntu: Security Advisory (USN-3772-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS : UDisks vulnerability (USN-3772-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3772-1 advisory. It was discovered that UDisks incorrectly handled format strings when logging. A local attacker could possibly use this issue to cause a denial of service or obta...

USN-3772-1: UDisks vulnerability

It was discovered that UDisks incorrectly handled format strings when logging. A local attacker could possibly use this issue to cause a denial of service or obtain sensitive information...

Ruby on Rails: Untrusted strings that are cache fetched with raw option are automatically marshal loaded

This vulnerability effects application code that caches a string from an untrusted source using the raw: true option. For example, vulnerable application code might looks something like the following ruby body = Rails.cache.fetchkey, raw: true, expiresin: ttl do res = Net::HTTP.getresponseremoteu...

GHSA-8462-Q7X7-G2X4 js-bson vulnerable to REDoS

The MongoDB bson JavaScript module also known as js-bson versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service ReDoS in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString function is called to parse a long untrusted string...

Unspecified vulnerability in BHIM application for Android (CNVD-2019-41447)

BHIM application for Android is an Android platform based mobile payment application by National Payments India. A security vulnerability exists in the National Payments Corporation in version 1.3 of the India BHIM application for Android-based platform, which stems from the program's reliance on...

CVE-2017-9821

The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM for SMS validation, which makes it easier for attackers to bypass authentication...

Authentication flaw

The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM for SMS validation, which makes it easier for attackers to bypass authentication...