The vulnerability of the syntax analyzer and the YANG data modeling tool, Libyang, arises from writing beyond buffer boundaries in memory. This allows attackers to trigger service failures or execute arbitrary code.

The vulnerability of the syntax analyzer and the YANG data modeling language toolset lies in the writing beyond buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code...

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

Updates to Snort setup guides

Our documentation on Snort 3 running on CentOS and the Snort Rules Writing guide to Snort 3. Thanks to community member Yaser for providing the updates. The Snort 3 guide now has expanded information on logging options — such as syslog and JSON. There is also a new performance optimization sectio...

CVE-2020-12647

Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability...

CVE-2020-12647

Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability...

CVE-2020-12647

Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability...

OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

[SECURITY] Fedora 31 Update: rubygem-rake-12.3.3-200.fc31

Rake is a Make-like program implemented in Ruby. Tasks and dependencies are specified in standard Ruby syntax...

RHEL 8 : java-11-openjdk (RHSA-2020:1517)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1517 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

The vulnerability of the sqlite3WindowRewrite() function in the SQLite database management system, related to insufficient handling of exception states, allows a attacker to compromise data integrity.

The vulnerability of the sqlite3WindowRewrite function in the SQLite database management system is related to improper handling of certain syntax analyzers. Exploiting this vulnerability could allow an attacker to compromise data integrity...

The vulnerability of the syntax analyzer in the tcpdump tool, which is used for intercepting and analyzing network traffic, allows a hacker to cause a service failure.

The vulnerability of the syntax analyzer in the tcpdump tool, a tool for intercepting and analyzing network traffic, is related to the execution of read operations beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

perl-Convert-ASN1 Denial of Service Vulnerability

Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the Perl community. A security vulnerability exists in perl-Convert-ASN1 0.27 and earlier versions, which stems from the program's unsafe decoding of user input. A remote attacker can exploit the vulnerabilit...

Command injection

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated...

The vulnerability of the ASN.1 component of the Bouncy Castle Crypto library, which involves the allocation of unlimited memory, allows a attacker to trigger a service failure.

The vulnerability of the ASN.1 component in the Bouncy Castle Crypto library is related to the provision of unlimited memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

Linux: Read pam_limits module config files (KB)

The pamlimits.so module applies ulimit limits, nice priority and number of simultaneous login sessions limit to user login sessions. This description of the configuration file syntax applies to the /etc/security/limits.conf file and .conf files in the /etc/security/limits.d directory. Note: This...

PT-2020-15317 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.69 and earlier Description: The issue allows sandbox protection to be circumvented during the script compilation phase. This can be achieved by applying AST transforming annotations to imports or by...

Mail.ru: [windows10.hi-tech.mail.ru] Blind SQL Injection

Доброе утро! Сегодня удалось найти у вас слепую скулю, правда она снова вне скопа походу URL: https://windows10.hi-tech.mail.ru/api/tweets?cityid=select0fromselectsleep25v Request: GET /api/tweets?cityid=select0fromselectsleep25v HTTP/1.1 Host: windows10.hi-tech.mail.ru User-Agent: Mozilla/5.0 X1...

CVE-2019-20444

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...