[SECURITY] Fedora 25 Update: c-ares-1.12.0-1.fc25

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

[SECURITY] Fedora 24 Update: c-ares-1.12.0-1.fc24

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

UBUNTU-CVE-2016-6345

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...

Slack: Race Condition in account survey

There exists a race condition in the beginning survey, allowing a user to get $100 in credit multiple times. In my example, I made 2 asynchronous requests, and was credited with $200. POC: 1. Create a new slack team. 2. Set your password, and find the account creation survey. 3. Complete the...

Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...

Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...

Raptor - Web-based Source Code Vulnerability Scanner

Raptor is a web-based web-serivce + UI github centric source-vulnerability scanner i.e. it scans a repository with just the github repo url. You can setup webhooks to ensure automated scans every-time you commit or merge a pull request. The scan is done asynchonously and the results are available...

Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...

Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...

UBUNTU-CVE-2016-6635

Cross-site request forgery CSRF vulnerability in the wpajaxwpcompressiontest function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option...

[SECURITY] Fedora 24 Update: php-guzzlehttp-guzzle6-6.2.1-1.fc24

Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and tr ivial to integrate with web services. Simple interface for building query strings, POST requests, streaming lar ge uploads, streaming large downloads, using HTTP cookies, uploading JSON da ta, etc... Can send both...

Urban Dictionary: Race Condition in Definition Votes

There exists a race condition vulnerability in definition votes, allowing any user to artificially manipulate the number of up/down votes for a definition by making asynchronous requests to vote. A malicious user can use this method to reach any number of up or down votes for a definition. See th...

USN-3037-1 linux-lts-vivid vulnerability

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...

USN-3036-1 linux-lts-utopic vulnerability

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...

USN-3034-1 linux vulnerability

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...

USN-3034-1: Linux kernel vulnerability

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...

DEBIAN-CVE-2016-5126

Heap-based buffer overflow in the iscsiaioioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service QEMU process crash or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call...

CVE-2016-5126

Heap-based buffer overflow in the iscsiaioioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service QEMU process crash or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call...

CVE-2016-5126

Heap-based buffer overflow in the iscsiaioioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service QEMU process crash or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call...

CVE-2016-5126

Heap-based buffer overflow in the iscsiaioioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service QEMU process crash or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call...