1097 matches found
Recent Threads On Index cross-site scripting vulnerability
Recent Threads On Index is a library by the individual developer dragonexpert. It adds sections to the index page for recent threads. A cross-site scripting vulnerability exists in Recent Threads On Index, which stems from incorrect handling of the parameter...
[SECURITY] Fedora 36 Update: rr-5.6.0-2.fc36
rr is a lightweight tool for recording and replaying execution of applications (trees of processes and threads). For more information, please visit http://rr-project.org...
Cross site scripting
The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible...
Mozilla: Use-after-free in InputStream implementation
The Mozilla Foundation Security Advisory describes this flaw as: Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash...
virt:ol and virt-devel:ol security, bug fix, and enhancement update
libguestfs 1.44.0-9.0.1 - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 Orabug: 29319324 - Set DISTROORACLELINUX corresponding to ol 1:1.44.0-9 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz2101280 1:1.44.0-8 - Obsolete ol...
Memory corruption
Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...
CVE-2022-25666
Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...
JSubFinder - Searches Webpages For Javascript And Analyzes Them For Hidden Subdomains And Secrets
JSubFinder is a tool written in golang to search webpages & javascript for hidden subdomains and secrets in the given URL. Developed with BugBounty hunters in mind, JSubFinder takes advantage of Go's amazing performance, allowing it to utilize large data sets & be easily chained with other tools...
Linux kernel race condition vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a race condition vulnerability that arises from two threads relying on the order or timing of events when outputting results...
Linux kernel race condition vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a race condition vulnerability that arises from two threads relying on the order or timing of events when outputting results...
CVE-2022-20413
In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10...
Embracing Virtual Threads
Project Loom has made it into the JDK through JEP 425. It's available since Java 19 in September 2022 as a preview feature. Its goal is to dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications. Where Virtual Threads make sense This makes...
Google Pixel security vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability, which is caused by a logic error in start of Threads.cpp. An attacker can exploit the vulnerability to obtain sensitive information...
DEBIAN-CVE-2022-29503
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability...
Mozilla: Data-race when parsing non-UTF-8 URLs in threads
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...
Mozilla: Data-race when parsing non-UTF-8 URLs in threads
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...
SUSE-SU-2022:3352-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: - CVE-2022-32893: Fixed processing maliciously crafted web content may lead to arbitrary code execution bsc1202807. Bugfixes: - Fixed WebKitGTK not allowing to be used from non-main threads bsc1202169...
SUSE-SU-2022:3351-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: - CVE-2022-32893: Fixed several crashes and rendering issues bsc1202807. - Fixed WebKitGTK not allow to be used from non-main threads bsc1202169...
Rocket.Chat security vulnerability
Rocket.Chat is an open source team chat software. Rocket.Chat versions before 5.0 have an information disclosure vulnerability that stems from a lack of user input sanitization in /api/v1/chat.getThreadsList; an attacker can exploit the vulnerability through MongoDB injection so that private...
PT-2022-21163 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5 Description: An information disclosure issue exists due to the lack of sanitization of user inputs in the /api/v1/chat.getThreadsList endpoint, which can leak private thread messages to unauthorized users via...