Lucene search

141 matches found

Debian CVE
added 2020/12/14 7:59 p.m. · 28 views

CVE-2020-29511

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...

9.8 CVSS · 7.4 AI score · 0.01942 EPSS
Exploits 0

CVE
added 2020/12/14 7:59 p.m. · 230 views

CVE-2020-29511

CVE-2020-29511 affects the Go standard library encoding/xml. The initial description states that all Go versions fail to preserve the semantics of element namespace prefixes during tokenization round-trips, enabling inputs that may behave inconsistently across processing stages in affected downst...

9.8 CVSS · 6.1 AI score · 0.01942 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2020/12/14 7:57 p.m. · 104 views

CVE-2020-29510

CVE-2020-29510 concerns the encoding/xml package in Go versions 1.15 and earlier, where tokenization round-trips fail to preserve directive semantics. This can let an attacker craft inputs that behave differently across processing stages in affected downstream applications. The connected OSV entr...

9.8 CVSS · 6.1 AI score · 0.02047 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2020/12/14 7:57 p.m. · 19 views

CVE-2020-29510

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...

9.8 CVSS · 8.4 AI score · 0.02047 EPSS
Exploits 0 · References 2

CNNVD
added 2020/12/14 12:0 a.m. · 7 views

Google Go encoding security vulnerability

Google Go encoding is a code library from Google Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in the Go encoding/xml package that stems from not properly preserving the semantics of attribute namespace prefixes during tokenizatio...

9.8 CVSS · 6.9 AI score · 0.02081 EPSS
Exploits 0 · References 4

Positive Technologies
added 2020/12/14 12:0 a.m. · 2 views

PT-2020-17182 · Go +1 · Encoding/Xml Package +1

Name of the Vulnerable Software and Affected Versions: encoding/xml package in Go (all versions)
Description: The issue arises from the encoding/xml package in Go not correctly preserving the semantics of element namespace prefixes during tokenization round-trips. This allows an attacker to craft...

9.8 CVSS · 7 AI score · 0.01942 EPSS
Exploits 0 · References 16

Positive Technologies
added 2020/09/11 12:0 a.m. · 2 views

PT-2020-17181 · Go +2 · Go +2

Name of the Vulnerable Software and Affected Versions: Go versions 1.15 and earlier
Description: The issue arises from the encoding/xml package in Go not correctly preserving the semantics of directives during tokenization round-trips. This allows an attacker to craft inputs that behave in...

9.8 CVSS · 6.2 AI score · 0.07492 EPSS
Exploits 6 · References 47

ThreatPost
added 2020/07/22 1:7 p.m. · 53 views

Leak Exposes Private Data of Genealogy Service Users

A server containing information of users of a genealogy service has exposed the data of 60,000 users, putting them at risk for fraud, phishing and other cybercriminal activity. Research led by Avishai Efrat at WizCase has discovered the leak, which affected an open and unencrypted ElasticSearch...

6.7 AI score
Exploits 0 · References 5

Hacker One
added 2020/03/18 10:1 p.m. · 66 views

Internet Bug Bounty: Squid leaks previous content from reusable buffer

Summary: A malicious response to an FTP request can cause Squid to miscalculate the length of a string, copying data past the terminating NULL. Due to Squid's memory pool, the contents that are exposed could range from internal data to other users' private Request/Response to Squid. This exist in...

5 CVSS · 7.9 AI score · 0.10493 EPSS
Exploits 0

Qualys Blog
added 2018/11/17 12:11 a.m. · 67 views

QSC18: API Security, Enabling Innovation Without Enabling Attacks and Data Breaches

Without APIs, it would be near impossible to see enterprises being able to digitally transform themselves. After all, APIs are the connective-tissue between applications and systems and they make the management, automation and consumption of technology possible at scale. APIs are what enable...

7.8 AI score
Exploits 0

RedhatCVE
added 2017/08/07 2:49 p.m. · 24 views

CVE-2017-11548

The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file...

5.5 CVSS · 5.1 AI score · 0.03704 EPSS
Exploits 3 · References 1

CNVD
added 2017/08/03 12:0 a.m. · 2 views

Xiph.Org libao '_tokenize_matrix' function denial of service vulnerability

Xiph.Org libao is a cross-platform audio library capable of outputting audio on a variety of different platforms. A security vulnerability exists in the '_tokenize_matrix' function of the audio_out.c file in Xiph.Org libao version 1.2.0. A remote attacker can exploit this vulnerability to cause a...

5.5 CVSS · 6.8 AI score · 0.03704 EPSS
Exploits 3 · References 1

The Hacker News
added 2015/10/01 1:22 a.m. · 11 views

Chip-and-PIN Credit Cards and The Deadline: Here's What You need To Know

October 1 Liability shift ENDS! Today, 1st October 2015, is the deadline for US-based Banks and Retailers to roll out Chip-embedded Credit Cards powered by EVM Technology to customers that will make transactions more secure. EVM Technology stands for Europay, MasterCard and Visa -- a global...

6.8 AI score
Exploits 0

The Coalfire Blog
added 2015/02/09 11:13 a.m. · 12 views

Emerging Payment Technologies and Due Diligence: A Warning about “Silver Bullets”

2015 will be an exciting year for the payments industry, especially for merchants that now have a number of new payment technologies at their disposal. Emerging payment technologies such as Point-to-Point-Encryption (P2PE), Tokenization, EMV/Chip and Signature and Mobile Payment Acceptance are...

1.1 AI score
Exploits 0

The Hacker News
added 2014/03/11 11:25 p.m. · 15 views

Payment Card processing services upgrading to Chip-and-PIN and Point-to-Point Encryption

The massive data breaches in U.S. retailers 'Target' and 'Neiman Marcus', in which financial credentials of more than 110 million and 1.1 million customers were compromised respectively, have put a spotlight on the need for more secure transactions. To tackle this issue, the two major payment card...

7.1 AI score
Exploits 0

Packet Storm
added 2013/01/02 12:0 a.m. · 32 views

osTicket 1.7 DPR3 XSS / Disclosure / Redirect / SQL Injection


Exploits 0

ThreatPost
added 2012/10/31 5:3 p.m. · 9 views

South Carolina Data Breach Casts Spotlight on Lack of Encryption, Stolen Credentials

South Carolina governor Nikki Haley said a mouthful this week when she spilled a dirty industry secret that Social Security numbers are generally not encrypted by state agencies. Reeling from a Department of Revenue data breach that leaked 3.6 million Social Security and credit card numbers as we...

0.3 AI score
Exploits 0 · References 7

Prion
added 2011/10/12 6:55 p.m. · 15 views

Memory corruption

CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors...

7.6 CVSS · 7.9 AI score · 0.02577 EPSS
Exploits 1 · References 8 · Affected Software 1

Cvelist
added 2011/10/12 6:0 p.m. · 26 views

CVE-2011-0259

CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors...

8.8 AI score · 0.02577 EPSS
Exploits 1 · References 8

The Coalfire Blog
added 2011/08/19 4:37 p.m. · 9 views

New Guidelines Address PCI DSS Tokenization

"Tokenization" is one of the best techniques to reduce the risk of credit card data loss. Basically, it is the process of substituting sensitive data with other values not considered sensitive. By doing this, tokenization technology essentially removes anything of value from the data stream, and,...

2.5 AI score
Exploits 0