2204 matches found
LibSass heap buffer overread vulnerability (CNVD-2019-40159)
LibSass is a C/C++ implementation of the Sass compiler. A heap buffer over-read vulnerability exists in Sass::weaveParents in ast_sel_weave.cpp in LibSass versions prior to 3.6.3. No details of the vulnerability are provided at this time...
Unspecified Vulnerability in IBM Security Directory Server (CNVD-2019-38504)
IBM Security Directory Server is a suite of enterprise identity management software from IBM USA that uses the Lightweight Directory Access Protocol LDAP. The software provides a trusted identity data infrastructure for authentication. A security vulnerability exists in IBM Security Directory...
The vulnerability of the syntax analysis function of the PowerDNS server allows an attacker to cause a service failure.
The vulnerability of the DNS server’s syntax analysis function in PowerDNS is related to the lack of an authentication mechanism. Exploiting this vulnerability could allow a malicious actor to cause a service failure when searching for NS/A/AAAA records on the server...
The vulnerability of syntactic analysis in HTTP/1 and the HTTP accelerator Varnish allows attackers to induce a service failure.
The vulnerability of syntactic analysis in HTTP/1 and HTTP accelerator Varnish exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of Thunderbird email client, as well as browsers Firefox and Firefox ESR, is related to improper syntactic analysis of page content or interpretation of data entered by users. This vulnerability allows attackers to execute arbitrary code.
The vulnerability of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, is related to incorrect syntax analysis of page content or improper interpretation of data entered by users. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Design/Logic Flaw
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812...
[SECURITY] Fedora 29 Update: curl-7.61.1-12.fc29
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
[SECURITY] Fedora 31 Update: curl-7.66.0-1.fc31
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2019-12463
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string,...
SQL injection
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string,...
CVE-2019-10665
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with...
SQL injection
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with...
CVE-2019-12463
CVE-2019-12463 affects LibreNMS 1.50.1. The vulnerability exists in the graphing code paths (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) where user input is insufficiently validated/encoded. Some parameters are filtered with mysqli_real_escape_string, others are u...
CVE-2019-10665
LibreNMS (through 1.50.x) contains input handling weaknesses in its graphing scripts (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php or html/graph.php) that allow injecting RRDtool syntax via newline characters. This occurs because several user-supplied fields are not...
UBUNTU-CVE-2019-15946
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c...
GhIDA: Ghidra decompiler for IDA Pro
By Andrea Marcelli. Executive Summary: Cisco Talos is releasing two new tools for IDA Pro: GhIDA and Ghidraaas. GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in the IDA workflow, giving users the ability to rename and highlight symbols and improved navigation and comments. GhIDA...