Category Archives: Advisories

Circontrol EV Charger vulnerabilities (CVE-2020-8006, CVE-2020-8007)

Posted by Dariusz G on Mar 27

Circontrol EV Charger vulnerabilities.

1. CVE-2020-8006 Pre-Auth Stack Based Buffer Overflow
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10)

The server in Circontrol Raption through 5.11.2 has a pre-authentication
stack-based buffer overflow that can be exploited to gain run-time control
of the device as root.

When the server parses the HTTP headers and finds the Basic-Authentication
tag it will call a base64 decode function. This function…

[IWCC 2024] CfP: 13th International Workshop on Cyber Crime – Vienna, Austria, July 30 – Aug 02, 2024

Posted by Artur Janicki via Fulldisclosure on Mar 27

[APOLOGIES FOR CROSS-POSTING]

CALL FOR PAPERS
13th International Workshop on Cyber Crime (IWCC 2024 –
https://www.ares-conference.eu/iwcc/)
to be held in conjunction with the 19th International Conference on
Availability, Reliability and Security (ARES 2024 –
http://www.ares-conference.eu)

July 30 – August 02, 2024, Vienna, Austria

IMPORTANT DATES
Submission Deadline May 12, 2024
Author Notification May 29, 2024
Proceedings Version…

USN-6718-2: curl vulnerability

USN-6718-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that curl incorrectly handled memory when limiting the
amount of headers when HTTP/2 server push is allowed. A remote attacker
could possibly use this issue to cause curl to consume resources, leading
to a denial of service. (CVE-2024-2398)

tinyxml-2.6.2-28.el9

FEDORA-EPEL-2024-e2cad98fb0

Packages in this update:

tinyxml-2.6.2-28.el9

Update description:

Security fixes for CVE-2021-42260, CVE-2023-34194 and its duplicate CVE-2023-40462.
Fix incorrect text element encoding (upstream issue #51).
Enable tests.

tinyxml-2.6.2-28.el8

FEDORA-EPEL-2024-0ced8d6066

Packages in this update:

tinyxml-2.6.2-28.el8

Update description:

Security fixes for CVE-2021-42260, CVE-2023-34194 and its duplicate CVE-2023-40462.
Fix incorrect text element encoding (upstream issue #51).
Enable tests.

chromium-123.0.6312.58-1.el7

FEDORA-EPEL-2024-15cde9f00b

Packages in this update:

chromium-123.0.6312.58-1.el7

Update description:

Update to 123.0.6312.58

* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS

chromium-123.0.6312.58-1.el9

FEDORA-EPEL-2024-24aceec24b

Packages in this update:

chromium-123.0.6312.58-1.el9

Update description:

Update to 123.0.6312.58

* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS

chromium-123.0.6312.58-1.el8

FEDORA-EPEL-2024-fc233c6d2e

Packages in this update:

chromium-123.0.6312.58-1.el8

Update description:

Update to 123.0.6312.58

* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS
