PT-2023-8000

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC SETCONF ioctl on the same tty file descriptor with t...

x86/Intel: Gather Data Sampling

ISSUE DESCRIPTION A researcher has discovered Gather Data Sampling, a transient execution side-channel whereby the AVX GATHER instructions can forward the content of stale vector registers to dependent instructions. The physical register file is a structure competitively shared between sibling...

Exploit for CVE-2023-38646

🛡️ Exploit for CVE-2023-38646 🛡️ Welcome to this powerful exp...

x86/AMD: Zenbleed

ISSUE DESCRIPTION Researchers at Google have discovered Zenbleed, a hardware bug causing corruption of the vector registers. When a VZEROUPPER instruction is discarded as part of a bad transient execution path, its effect on internal tracking are not unwound correctly. This manifests as the wrong...

Fake THREADS App Climbs to Number 1 Spot on Apple Store in Europe

By Habiba Rashid Due to privacy concerns, Meta has not yet released the Threads app in EU countries, creating a loophole for criminals to upload fake versions of the app. This is a post from HackRead.com Read the original post: Fake THREADS App Climbs to Number 1 Spot on Apple Store in Europe...

Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns

Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland's Data Protection Commission DPC. The development was reported by the Irish Independent, which said the watchdog has been in contact with the soci...

Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns

Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland's Data Protection Commission DPC. The development was reported by the Irish Independent, which said the watchdog has been in contact with the soci...

SUSE CVE-2023-3397

A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information...

CVE-2023-2787

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API...

Code injection

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API...

CVE-2023-2787

Mattermost is affected by CVE-2023-2787: a channel membership check failure when accessing message threads allows viewing posts via the Message Threads API. The root cause is an access control error that does not verify identity of channel members for message-thread access, potentially exposing c...

CVE-2023-2787 Collapsed Reply Threads APIs leak message contents from private channels

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API...

CVE-2023-2787 Collapsed Reply Threads APIs leak message contents from private channels

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API...

PT-2023-21384 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to access arbitrary posts by using the message threads API, as Mattermost fails to check channel membership when accessing message threads. Recommendations: ...

ROS-20230616-02

Vulnerability in libavcodec/pthreadframe.c component of FFmpeg multimedia library is related to memory usage after it is freed when processing worker threads with hwaccel decoder. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

Fiber - Using Fibers To Run In-Memory Code In A Different And Stealthy Way

A fiber is a unit of execution that must be manually scheduled by the application rather than rely on the priority-based scheduling mechanism built into Windows. Fibers are often called lightweight threads. For more detailed information about what are and how fibers work consult the official...

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. An information disclosure vulnerability exists in Discourse versions 3.0.3 stable and earlier, and 3.1.0.beta5 and earlier, which can be exploited by an attacker to...

Exploit for OS Command Injection in Eparks Fiberlink_210_Firmware

CVE-2023-33617 Authenticated OS command injection vulnerabili...

kernel: NFS: Avoid writeback threads getting stuck in mempool_alloc()

In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempoolalloc In a low memory situation, allow the NFS writeback code to fail without getting stuck in infinite loops in mempoolalloc...

This Week in Spring - May 2, 20223

Hi, Spring fans! Welcome to another installment of This Week in Spring! You realize it's already May, 2023? Time's flying, way too quickly! I just got back from Bangalore, India, where I spoke at the amazing Great International Developer Summit, one of the all time best shows ever, and now I'm...