2204 matches found
GitGot - Semi-automated, Feedback-Driven Tool To Rapidly Search Through Troves Of Public Data On GitHub For Sensitive Secrets
GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. How it Works: During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results. Users...
DEBIAN-CVE-2019-13619
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments...
UBUNTU-CVE-2019-13619
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments...
A vulnerability in the certificate parsing procedure of the Python interpreter allows attackers to trigger a service failure.
The vulnerability in the certificate parsing procedure of the Python interpreter is related to pointer arithmetic errors. Exploiting this vulnerability can allow a remote attacker to cause service failures...
AZADMIN CMS Of HIDEA 1.0 SQL Injection
SQL Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable Files: newsdet.php + Dork :...
[SECURITY] [DSA 4467-2] vim regression update
Debian Security Advisory DSA-4467-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2019 https://www.debian.org/security/faq -...
The vulnerabilities of the components GroovySandbox.java and SecureGroovyScript.java of the Jenkins Script Security plugin allow a perpetrator to execute arbitrary code.
The vulnerabilities of the GroovySandbox.java component src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java and SecureGroovyScript.java component src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java of the Jenkins Script Securi...
Vulnerability of the components AbstractDslScriptLoader.groovy, JobDslWhitelist.groovy, and SandboxDslScriptLoader.groovy, a Jenkins Job DSL plugin, allowing a malicious actor to execute arbitrary code
The vulnerabilities of components AbstractDslScriptLoader.groovy core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, JobDslWhitelist.groovy job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, and...
The vulnerability of the RejectASTTransformsCustomizer.java component of the Jenkins Script Security plugin allows a perpetrator to execute arbitrary code.
The vulnerability of the RejectASTTransformsCustomizer.java component of the Jenkins Script Security plugin is related to errors in processing AST annotations. Exploiting this vulnerability can allow a malicious actor to exit from an isolated programming environment and execute arbitrary code...
The vulnerability of the pom.xml and CpsGroovyShell.java components of the Jenkins Pipeline plugin allows a hacker to execute arbitrary code.
The vulnerability of the pom.xml components and CpsGroovyShell.java src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java of the Jenkins Pipeline plugin is related to errors in processing input data during syntax analysis of the code. Exploiting this vulnerability can allow a...
Buffer overflow
An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size...
CVE-2019-12798
An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size...
Cross site scripting
admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php...
CVE-2019-6740
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update SMR-JAN-2019 - SVE-2018-13467. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
Code injection
Typora 0.9.9.21.1 1913 allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137...
CVE-2019-12172
Typora 0.9.9.21.1 1913 allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137...
CVE-2019-12172
CVE-2019-12172 concerns Typora 0.9.9.21.1 (1913) where an arbitrary code execution is possible via a modified file: URL syntax in the HREF attribute of an AREA element, demonstrated with file:\ on macOS/Linux or file://C| on Windows. Red Hat entries corroborate Typora impact for the same version ...
[SECURITY] Fedora 29 Update: perl-YAML-1.28-1.fc29
The YAML.pm module implements a YAML Loader and Dumper based on the YAML 1.0 specification http://www.yaml.org/spec/. YAML is a generic data serialization language that is optimized for human readability. It can be used to express the data structures of most modern programming languages, includi...
Denial Of Service (DoS)
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS clie...
[SECURITY] Fedora 30 Update: python-jinja2-2.10.1-1.fc30
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...