oss-sec: shell wildcard expansion (un)safety

Arbitrary shell command evaluation in Org Mode (GNU Emacs)

Microsoft PlayReady – Complete Client Identity Compromise

Format String Attacks (2000)

GNU emacs 29.3 released to fix security issues

Bugtraq: Userland Exec (2004)

The Microsoft way (part 86): shipping rotten software

Linux kernel use-after-free in Netfilter, local privilege escalation

double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)

CVE-2022-46176: Cargo does not check SSH host keys

CVE-2023-22809: Sudoedit can edit arbitrary files

Full Disclosure: 123ADV-001: Stack Buffer Overflow in Lotus 1-2-3 R3 for UNIX/Linux

Linux kernel heap buffer overflow in fs_context.c since version 5.1

Pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

CVE-2021-4122 decryption through LUKS2 reencryption crash recovery

Outdated, vulnerable open source component(s) shipped with Windows 10&11

Bugtraq: BugTraq Shutdown

sudo: Ineffective NO_ROOT_MAILER and Baron Samedit

CVE-2019-14899 Inferring and hijacking VPN-tunneled TCP connections

FortiGuard XOR Encryption in Multiple Fortinet Products

Docker is vulnerable to a symlink-race attack

CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message

CVE-2019-5736: runc container breakout

OpenSSH Username Enumeration

CVE-2018-11769: Apache CouchDB Remote Code Execution (Versions 1.x and ≤2.1.2)

Back To The Future: Unix Wildcards Gone Wild

Confirmed: Speculative register leakage from lazy FPU context switching

AMD PSP: Firmware TPM Remote Code Execution via Crafted EK Certificate

oss-sec: Go programming language invalid modular exponentiation result (Exp() in math/big pkg)

Vaadin Javascript Injection
