6 matches found
EUVD-2020-3115
Malware in sbrugna...
Panics as error-handling
Handle nascent Vulnerability details H-04 Panics as error-handling Severity: High Likelihood: Medium The use of .unwrap, expect, and assert! should be limited to tests, compile-time assertions, e.g. consts, and configuration checks. Panics are at the thread level, so stopping one thread...
github.com/unknwon/cae Path Traversal vulnerability
The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...
CVE-2019-13915
b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. ...
Private SSL Keys and the Heartbleed OpenSSL Vulnerability
Heartbleed can be patched, and passwords can be changed. But can you steal private keys by taking advantage of the Internet-wide bug in OpenSSL? Yes, but it’s difficult. Stealing private server SSL keys is a real pot at the end of a rainbow for criminal hackers and intelligence agencies alike...
[SECURITY] [DSA 290-1] New sendmail-wide packages fix DoS and arbitrary code execution
Debian Security Advisory DSA 290-1 [email protected] http://www.debian.org/security/ Martin Schulze April 17th, 2003 http://www.debian.org/security/faq -...