311 matches found
OSV-2021-437 Heap-use-after-free in ofats::any_detail::handler_traits<void>::handler_base<ofats::any_detail::handler
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31209 Crash type: Heap-use-after-free WRITE 8 Crash state: ofats::any_detail::handler_traits<void>::handler_base<ofats::any_detail::handler uWS::Loop::wakeupCb us_internal_dispatch_ready_poll...
OSV-2018-206 Heap-buffer-overflow in parse_sigalgs_list
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9808 Crash type: Heap-buffer-overflow READ 1 Crash state: parse_sigalgs_list SSL_CTX_set1_sigalgs_list std::__1::function<void...
GHSA-7HWC-46RM-65JH Denial of service in XStream
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call...
Analyzing IoT Security Best Practices
New research: "Best Practices for IoT Security: What Does That Even Mean?" by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research...
CVE-2019-20831
An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash...
Code injection
An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash...
CVE-2019-20831
CVE-2019-20831: Affected product is Foxit Reader/PhantomPDF with the 3D Plugin Beta prior to version 9.5.0.20733. The issue arises from void data mishandling in the plugin, which can cause the application to crash. The connected Red Hat/CVE and CNVD entries corroborate the same description. No e...
DEBIAN-CVE-2019-19882
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...
CVE-2019-19882
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...
CVE-2019-19882
CVE-2019-19882 affects Shadow 4.8 when built with --with-libpam but without --disable-account-tools-setuid and without a PAM config compatible with setuid tools, enabling local users to escalate to root via account-management utilities (groupadd, groupdel, groupmod, useradd, userdel, usermod). Th...
New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The...
Slither v0.6.7 - Static Analyzer For Solidity
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...
Lazygit - Simple Terminal UI For Git Commands
A simple terminal UI for git commands, written in Go with the gocui library. Are YOU tired of typing every git command directly into the terminal, but you're too stubborn to use Sourcetree because you'll never forgive Atlassian for making Jira? This is the app for you! Installation Homebrew brew...
CVE-2019-5720
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter...
CVE-2018-11594
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user-crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c...
librawspeed/Cr2DecompressorFuzzer: Use-after-poison in void rawspeed::Cr2Decompressor::decodeN_X_Y<4, 1, 1>
Project: https://github.com/darktable-org/rawspeed.git Detailed report: https://oss-fuzz.com/testcase?key=5657069119078400 Project: librawspeed Fuzzer: afl_librawspeed_Cr2DecompressorFuzzer Fuzz target binary: Cr2DecompressorFuzzer Job Type: afl_asan_librawspeed Platform Id: linux Crash Type:...