Lucene search

2416 matches found

Gentoo Linux
added 2020/12/23 12:0 a.m., 38 views

c-ares: Denial of service

Background: c-ares is an asynchronous resolver library. Description: It was discovered that c-ares incorrectly handled certain DNS requests. Impact: A remote attacker, able to trigger a DNS request for a host of their choice by an application linked against c-ares, could possibly cause a Denial of...

7.5 CVSS, 2.7 AI score, 0.58883 EPSS
Exploits 0
CNVD
added 2020/12/23 12:0 a.m., 2 views

Microsoft Azure Sphere Denial of Service Vulnerability (CNVD-2020-73757)

Microsoft Azure Sphere is an appliance from Microsoft USA that is used to provide security in cloud environments. A denial of service vulnerability exists in Microsoft Azure Sphere version 20.05, which stems from the asynchronous ioctl feature of Microsoft Azure Sphere 20.05. An attacker could...

5.5 CVSS, 6.9 AI score, 0.00166 EPSS
Exploits 1, References 1
OSV
added 2020/12/22 8:15 p.m., 1 view

CVE-2020-35609

A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability...

5.5 CVSS, 5.8 AI score
Exploits 0, References 2
Prion
added 2020/12/22 8:15 p.m., 13 views

Denial of service

A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability...

2.1 CVSS, 5.3 AI score, 0.00166 EPSS
Exploits 1, References 2, Affected Software 1
CNNVD
added 2020/12/22 12:0 a.m., 2 views

Microsoft Azure Sphere Injection Vulnerability

Microsoft Azure Sphere is an appliance from Microsoft USA that is used to provide security in cloud environments. A denial of service vulnerability exists in Microsoft Azure Sphere version 20.05, which stems from the asynchronous ioctl feature of Microsoft Azure Sphere 20.05. An attacker could...

5.5 CVSS, 6.1 AI score, 0.00166 EPSS
Exploits 1, References 2
OSV
added 2020/12/21 10:15 p.m., 12 views

CVE-2020-26281

async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the bo...

7.5 CVSS, 7.5 AI score, 0.00285 EPSS
Exploits 0, References 2
CNNVD
added 2020/12/21 12:0 a.m., 4 views

Http-rs Async-h1 Environment Issue Vulnerability

Http-rs Async-h1 is a Rust-based asynchronous Http parser from the Http-rs team. A security vulnerability exists in async-h1 versions prior to 2.3.0, which stems from the presence of a request smuggling vulnerability. This vulnerability affects any web server that uses async-h1 behind a reverse...

7.5 CVSS, 7.1 AI score, 0.0019 EPSS
Exploits 0, References 2
RedHat Linux
added 2020/12/08 8:55 a.m., 88 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Broker 7.8 release and security update

Red Hat AMQ Broker 7.8 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8 CVSS, 6.9 AI score, 0.09941 EPSS
Exploits 4, References 7
NVD
added 2020/11/30 10:15 p.m., 13 views

CVE-2020-29441

An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed...

7.2 CVSS, 7.1 AI score, 0.01294 EPSS
Exploits 0, References 1
Ubuntu
added 2020/11/19 12:46 p.m., 84 views

USN-4638-1: c-ares vulnerability

It was discovered that c-ares incorrectly handled certain DNS requests. An attacker could possibly use this issue to cause a denial of service...

7.5 CVSS, 7.5 AI score, 0.58883 EPSS
Exploits 0
Oracle linux
added 2020/11/10 12:0 a.m., 67 views

Unbreakable Enterprise kernel security update

5.4.17-2036.100.6.1.el8uek - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040802 CVE-2020-8694 CVE-2020-8695 - KVM: ioapic: break infinite recursion on lazy EOI Vitaly Kuznetsov Orabug: 32066585 CVE-2020-27152 CVE-2020-27152 - x86/mitigations: Restore paranoid checks fo...

7.5 CVSS, 7.4 AI score, 0.00806 EPSS
Exploits 4
Ubuntu
added 2020/09/28 2:43 p.m., 82 views

USN-4548-1: libuv vulnerability

It was discovered that libuv incorrectly handled certain paths. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

7.8 CVSS, 7 AI score, 0.00181 EPSS
Exploits 0
OpenVAS
added 2020/09/26 12:0 a.m., 18 views

Fedora: Security Advisory for zeromq (FEDORA-2020-5460fcf6bd)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 7.7 AI score, 0.00412 EPSS
Exploits 0, References 2
IBM Security Bulletins
added 2020/09/11 12:51 p.m., 33 views

Security Bulletin: Vulnerability in side channel in Intel CPUs affect IBM Cloud Pak System (CVE-2019-11135)

Summary: IBM Cloud Pak System when using Intel CPUs could allow a local authenticated attacker to obtain sensitive information. OS image for RedHat Enterprise Linux for Cloud Pak System is shipped as component for IBM Cloud Pak System. OS image for RedHat Enterprise Linux addressed vulnerability...

6.5 CVSS, 0.2 AI score, 0.00319 EPSS
Exploits 0, Affected Software 1
Prion
added 2020/09/08 10:15 a.m., 25 views

Race condition

'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

6.9 CVSS, 6.9 AI score, 0.0003 EPSS
Exploits 0, References 2
Tenable Nessus
added 2020/08/28 12:0 a.m., 41 views

Oracle Linux 8 : virt:ol (ELSA-2020-0279)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-0279 advisory. - cpumap: Add TAANO bit for IA32ARCHCAPABILITIES MSR CVE-2019-11135 - cpumap: Add TSXCTRL bit for IA32ARCHCAPABILITIES MSR CVE-2019-11135 - api: disallow...

9.8 CVSS, 7.6 AI score, 0.46733 EPSS
Exploits 7, References 2
Kitploit
added 2020/08/27 9:30 p.m., 51 views

SharpHose - Asynchronous Password Spraying Tool In C# For Windows Environments

SharpHose is a C# password spraying tool designed to be fast, safe, and usable over Cobalt Strike's execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains and domain controllers...

7.2 AI score
Exploits 0, References 1
Talos
added 2020/08/20 12:0 a.m., 46 views

Internet Systems Consortium's BIND TCP Receive Buffer Length Assertion Check Denial of Service Vulnerability

Summary: An assertion failure exists within the Internet Systems Consortium’s BIND server versions 9.16.1 through 9.17.1 when processing TCP traffic via the libuv library. Due to a length specified within a callback for the library, flooding the server’s TCP port used for larger DNS requests AXFR...

7.5 CVSS, 7.3 AI score, 0.08369 EPSS
Exploits 0
OpenVAS
added 2020/08/12 12:0 a.m., 36 views

Missing Linux Kernel mitigations for 'TAA - TSX Asynchronous Abort' hardware vulnerabilities (INTEL-SA-00270)

The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

6.5 CVSS, 7.8 AI score, 0.00319 EPSS
Exploits 0, References 3
RedHat Linux
added 2020/07/23 3:10 p.m., 149 views

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.4.4 release and security update

Red Hat AMQ Broker 7.4.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

10 CVSS, 6.8 AI score, 0.20127 EPSS
Exploits 0, References 7