Full Disclosure: by author

Previous period
Next period

75 messages starting Jan 27 24 and ending Jan 26 24
Date index | Thread index | Author index

Alan Coopersmith

Re: Null pointer dereference in Xedit Alan Coopersmith (Jan 27)

Apple Product Security via Fulldisclosure

APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3 Apple Product Security via Fulldisclosure (Jan 26)
APPLE-SA-01-22-2024-1 Safari 17.3 Apple Product Security via Fulldisclosure (Jan 26)
APPLE-SA-01-22-2024-5 macOS Sonoma 14.3 Apple Product Security via Fulldisclosure (Jan 26)
APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3 Apple Product Security via Fulldisclosure (Jan 26)
APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4 Apple Product Security via Fulldisclosure (Jan 26)
APPLE-SA-01-22-2024-4 iOS 15.8.1 and iPadOS 15.8.1 Apple Product Security via Fulldisclosure (Jan 26)
APPLE-SA-01-22-2024-9 tvOS 17.3 Apple Product Security via Fulldisclosure (Jan 26)
APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5 Apple Product Security via Fulldisclosure (Jan 26)
APPLE-SA-01-22-2024-8 watchOS 10.3 Apple Product Security via Fulldisclosure (Jan 26)

Balgogan via Fulldisclosure

[Full Disclosure] CVE-2024-22900: Unpatched Command Injection in Vinchin Backup and Recovery Versions 7.2 and Earlier Balgogan via Fulldisclosure (Jan 26)

Dan Cross

Re: NULL pointer dereference in freedesktop Mesa via check_xshm() Dan Cross (Jan 27)

fulldisclosure

Re: cpio privilege escalation vulnerability via setuid files in cpio archive fulldisclosure (Jan 14)

Georgi Guninski

Yet another fork()/malloc() bomb in javascript + SIGILL in Chrome Georgi Guninski (Jan 26)
Re: cpio privilege escalation vulnerability via setuid files in cpio archive Georgi Guninski (Jan 14)
Minor firefox DoS - semi silently polluting ~/Downloads with files (part 2) Georgi Guninski (Jan 18)
cpio privilege escalation vulnerability via setuid files in cpio archive Georgi Guninski (Jan 08)

Harry Sintonen via Fulldisclosure

Re: cpio privilege escalation vulnerability via setuid files in cpio archive Harry Sintonen via Fulldisclosure (Jan 14)
Re: cpio privilege escalation vulnerability via setuid files in cpio archive Harry Sintonen via Fulldisclosure (Jan 14)

hyp3rlinx

RansomLord v2 - Anti-Ransomware Exploitation Tool / New Release hyp3rlinx (Jan 04)
Windows PowerShell Single Quote Code Execution / Event Log Bypass hyp3rlinx (Jan 04)

Jeffrey Walton

Re: ODR violation in Redis Raft Jeffrey Walton (Jan 18)

Joshua Rogers

SSH-Snake: Automated SSH-Based Network Traversal Joshua Rogers (Jan 08)

malvuln

TrojanSpy Win32 Nivdort / Insecure Permissions - EoP (SYSTEM) malvuln (Jan 26)
Backdoor.Win32 Carbanak (Anunak) / Named Pipe Null DACL malvuln (Jan 14)

Mark Esler

CVEs based on commit messages Mark Esler (Jan 27)
Re: null pointer deference in nano via read_the_list() Mark Esler (Jan 27)

Martin Heiland via Fulldisclosure

OXAS-ADV-2023-0005: OX App Suite Security Advisory Martin Heiland via Fulldisclosure (Jan 08)
OXAS-ADV-2023-0006: OX App Suite Security Advisory Martin Heiland via Fulldisclosure (Jan 08)

Matthew Fernandez

Re: Buffer Overflow in graphviz via via a crafted config6a file Matthew Fernandez (Jan 27)

Meng Ruijie

Null pointer deference in freedesktop mesa Meng Ruijie (Jan 26)
null pointer deference in LLVM Meng Ruijie (Jan 26)
NULL pointer dereference in glXGetDrawableScreen() of OpenGL libglvnd Meng Ruijie (Jan 26)
ODR violation in Redis Raft Meng Ruijie (Jan 17)
null pointer deference in GNU Midnight at /tty/x11conn.c Meng Ruijie (Jan 26)
Misues same epoch number within TCP lifetime in TinyDTLS Meng Ruijie (Jan 17)
Incorrect handshake in TinyDTLS Meng Ruijie (Jan 17)
null pointer deference in tex-live via a crafted cmr10.pfb Meng Ruijie (Jan 26)
arithmetic exception in S-lang via the function tt_sprintf() Meng Ruijie (Jan 26)
Assertion failure in check_certificate_request() of TinyDTLS Meng Ruijie (Jan 17)
null pointer deference in MiniZinc via a crafted .mzn file Meng Ruijie (Jan 26)
Null pointer dereference in Xedit Meng Ruijie (Jan 26)
SEGV in S-Lang via fixup_tgetstr() Meng Ruijie (Jan 26)
null pointer deference in Sane via a crafted config file Meng Ruijie (Jan 26)
Mishandle epoch number in TinyDTLS servers Meng Ruijie (Jan 17)
null pointer deference in gnome gtk via init_randr15() at gdkscreen-x11.c Meng Ruijie (Jan 26)
null pointer deference in gnome gdk-pixbuf Meng Ruijie (Jan 26)
Buffer Overflow in glXQueryServerString() of mesa Meng Ruijie (Jan 26)
Null pointer deference in XGetWMHints() of Xfig Meng Ruijie (Jan 26)
NULL pointer dereference in freedesktop Mesa via check_xshm() Meng Ruijie (Jan 26)
Buffer over-read in dtls_sha256_update of TinyDTLS Meng Ruijie (Jan 17)
NULL pointer dereference in XIQueryDevice() of gnome gtk Meng Ruijie (Jan 26)
Buffer overflow in Sane Meng Ruijie (Jan 26)
null pointer deference in nano via read_the_list() Meng Ruijie (Jan 26)
Buffer over-read in TinyDTLS Meng Ruijie (Jan 17)
NULL pointer dereference in tgetstr() of ncurses Meng Ruijie (Jan 26)
NULL pointer dereference in QT via the function QXcbConnection::initializeAllAtoms() Meng Ruijie (Jan 26)
Buffer Overflow in graphviz via via a crafted config6a file Meng Ruijie (Jan 26)
NULL pointer dereference in __glXGetDrawableAttribute() of Mesa Meng Ruijie (Jan 26)
Infinite loop leading to buffer overflow in TinyDTLS Meng Ruijie (Jan 17)
NULL pointer dereference in the function handle_viminfo_register() of vim Meng Ruijie (Jan 26)
null pointer deference in MiniZinc via a crafted Preferences.json file Meng Ruijie (Jan 26)
null pointer deference in tex-live Meng Ruijie (Jan 26)
null pointer deference in gnome gtk via parse_settings() at xsettings-client.c Meng Ruijie (Jan 26)

psy

PrommetriX - (Prometheus Metrics Leaker) released! psy (Jan 26)

Rahim, Mohaiman via Fulldisclosure

Multiple Vulnerabilities in Reprise License Manager 15.1 (CVE-2023-43183, CVE-2023-44031) Rahim, Mohaiman via Fulldisclosure (Jan 26)

SBA - Advisory via Fulldisclosure

[SBA-ADV-20200707-02] CVE-2020-36772: CloudLinux CageFS 7.0.8-2 or below Insufficiently Restricted Proxy Command SBA - Advisory via Fulldisclosure (Jan 26)
[SBA-ADV-20200707-01] CVE-2020-36771: CloudLinux CageFS 7.1.1-1 or below Token Disclosure SBA - Advisory via Fulldisclosure (Jan 26)
Re: [SBA-ADV-20220120-01] MOKOSmart MKGW1 Gateway Improper Session Management SBA - Advisory via Fulldisclosure (Jan 14)

Soatok Dreamseeker

Legends of IdleOn - I Reject Your RNG And Substitute My Own Soatok Dreamseeker (Jan 17)

Thomas Weber via Fulldisclosure

CyberDanube Security Research 20240109-0 | Multiple Vulnerabilities in JetNet Series Thomas Weber via Fulldisclosure (Jan 14)

Valentin Lobstein via Fulldisclosure

[Full Disclosure] CVE-2024-22899: Unpatched Command Injection in Vinchin Backup and Recovery Versions 7.2 and Earlier Valentin Lobstein via Fulldisclosure (Jan 26)
[Full Disclosure] CVE-2024-22901: Default MYSQL Credentials in Vinchin Backup & Recovery v7.2 and Earlier Valentin Lobstein via Fulldisclosure (Jan 26)
[Full Disclosure] CVE-2024-22902: Default Root Credentials in Vinchin Backup & Recovery v7.2 and Earlier Valentin Lobstein via Fulldisclosure (Jan 26)
[Full Disclosure] CVE-2024-22903: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier Valentin Lobstein via Fulldisclosure (Jan 26)
Previous period
Next period