Re: [FD] ODR violation in Redis Raft

On Wed, Jan 17, 2024 at 3:29 PM Meng Ruijie wrote: > > [Suggested description] > Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR > violation via the component hiredisAllocFns at > /opt/fs/redisraft/deps/hiredis/alloc.c. > > [VulnerabilityType Other] >

Re: [FD] Anomaly in Fedora `dnf update`: md5 mismatch of result

On Tue, Aug 15, 2023 at 1:25 PM Georgi Guninski wrote: > > In short, I found anomaly in Fedora 37 and would like to > know if it is vulnerability. > > As root type in terminal: > dnf update > > If there is kernel update, watch stdout and stderr for: > > ##On Mon Aug 14 05:33:29 AM UTC 2023 >

Re: [FD] Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability

On Sun, Jul 16, 2023 at 7:39 PM Jens Timmerman wrote: > > On 03/07/2023 16:59, i...@esec-service.de wrote: > > Document Title: > > === > > Citrix Gateway MFA - Insufficient Session Validation Vulnerability > > > > > > Technical Details & Description: > >

Re: [FD] Spammers Using storage[.]googleapis[.]com ?!!?

On Tue, Aug 3, 2021 at 1:35 PM Nick Boyce wrote: > > I notice that among the spam in my Gmail spam folder, there are a > number of "address-check" type messages (i.e. that just seek > confirmation my address exists), which attempt to get their response > by performing a scripted redirect via a

Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

On Fri, Feb 9, 2018 at 1:01 PM, Stefan Kanthak wrote: > Hi @ll, > > since about two or three years now, Microsoft offers Skype as > optional update on Windows/Microsoft Update. > > JFTR: for Microsoft's euphemistic use of "update" see >

Re: [FD] Banknotes Misproduction security & biometric weakness

On Tue, Jan 30, 2018 at 4:08 AM, Vulnerability Lab wrote: > Document Title: > === > Banknotes Misproduction security & biometric weakness > ... > > Technical Details & Description: > > In the last months we reviewed the

Re: [FD] Follow-up on CVE-2017-8769 - WhatsApp Issues with Media Files

On Tue, Dec 5, 2017 at 5:27 PM, Nightwatch Cybersecurity Research wrote: > [https://wwws.nightwatchcybersecurity.com/2017/05/17/advisory-whatsapp-for-android-privacy-issues-with-handling-of-media-files-cve-2017-8769/] > > We reported an issue earlier this

Re: [FD] Grandstream VoIP phone: SSH key backdoor and multiple vulnerabilities leading to RCE as root (David Jorm

A final issue I've reported to them in the past that's not resolved is the SSH host key being shared across all phones of the same firmware version. The authenticity of host '10.150.117.57 (10.150.117.57)' can't be established. RSA key fingerprint is

[FD] CVE for Apple's ECDHE-ECDSA SecureTransport bug?

Does anyone know if Apple's ECDHE-ECDSA SecureTransport bug was assigned a CVE? It affected OS X and iOS. Effectively, the bug was an implementation error that cause interoperability failures. To mostly counter it, the cipher suites had to be disabled, which resulted in a loss of security. If the

Re: [FD] several issues in SQLite (+ catching up on several other bugs)

On Sun, Apr 19, 2015 at 8:08 PM, Michal Zalewski lcam...@coredump.cx wrote: Richard and the team certainly have been busy bees: https://www.sqlite.org/src/timeline?n=152y=civ=0ym=2015-04t=trunk Yup. In addition to the crashes, I also sent them probably around 50-60 assert failures in debug

Re: [FD] Cyanogenmod MITM: proven, despite cyanogenmod's public denail

Re: [FD] Cyanogenmod MITM: proven, despite cyanogenmod's public denail Its not clear to me where its been proven. I think your post is missing some information, like the smoking gun. (It may exist, you just didn't make it clear). If I understand correctly, the original reporter may have been

[FD] Bitstamp - Possible breach

Does anyone know someone from Bitstamp? Someone has posted an alleged partial dump of their user database at http://pastebin.com/WmpFfEmn. Unfortunately, Bitstamp's homepage (http://www.bitstamp.net/) does not list contact information or a link to give them a heads up.

Re: [FD] TrueCrypt?

On Fri, May 30, 2014 at 4:02 PM, uname -a sec.l...@gmx.net wrote: Really? https://blog.0xbadc0de.be/archives/155 note: I did not break the official algorithm. I do not know the secret value used to compute the Q constant, and thus cannot break the default implementation. Only NSA (and people

Re: [FD] Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files

the current version of iTunes for Windows (and of course older versions too) associates the following vulnerable command lines with some of the supported file types/extensions: They also install Bonjour and a couple of other services as NT Authorty/SYSTEM, don't drop privileges, and open

Re: [FD] Security flaw in Full Disclosure mailing list

On Wed, Apr 2, 2014 at 4:25 PM, Ron r...@skullsecurity.net wrote: That doesn't change the fact that it's storing the passwords in plaintext, though, it just hides the 'your passwords are completely insecure' issue a little bit. Mailman 3 might be changing that behavior. See Password handling in