
1098 matches found

Positive Technologies
added 2022/09/23 12:0 a.m. · 3 views

PT-2022-21163 · Unknown · Rocket.Chat

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5. Description: An information disclosure issue exists due to the lack of sanitization of user inputs in the /api/v1/chat.getThreadsList endpoint, which can leak private thread messages to unauthorized users via...

4.3 CVSS · 4.2 AI score · 0.00686 EPSS
Exploits 1 · References 5

Kaspersky
added 2022/09/20 12:0 a.m. · 68 views

KLA19256 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be exploited to execute...

8.8 CVSS · 8.8 AI score · 0.01342 EPSS
Exploits 0 · References 3

GithubExploit
added 2022/09/19 1:15 p.m. · 424 views

Exploit for Argument Injection in Atlassian Bitbucket

CVE-2022-36804-PoC Multithreaded exploit script for CVE-2022-3...

8.8 CVSS · 9.2 AI score · 0.99174 EPSS
Exploits 24

ATTACKERKB
added 2022/09/16 6:15 a.m. · 5 views

CVE-2022-22089

Memory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables...

8.4 CVSS · 7.1 AI score · 0.00116 EPSS
Exploits 0 · References 2

RedHat Linux
added 2022/09/13 9:57 a.m. · 3 views

mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs i.e., going to the err label while executing the method create_worker_threads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...

5.5 CVSS · 7.3 AI score · 0.00222 EPSS
Exploits 0 · References 4

OSV
added 2022/09/07 7:27 a.m. · 5 views

SUSE-SU-2022:3137-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: - Updated to version 2.36.7 bsc1202807: - CVE-2022-32893: Fixed an issue that would be triggered when processing malicious web content and that could lead to arbitrary code execution. - Fixed several crashes and rendering issues. - Updated t...

8.8 CVSS · 8.9 AI score · 0.09785 EPSS
Exploits 0 · References 4

NVD
added 2022/09/02 12:15 p.m. · 26 views

CVE-2022-22097

Memory corruption in graphic driver due to use after free while calling multiple threads application to driver in Snapdragon Consumer IOT...

8.4 CVSS · 0.00119 EPSS
Exploits 0 · References 1

Prion
added 2022/09/02 12:15 p.m. · 15 views

Memory corruption

Memory corruption in graphic driver due to use after free while calling multiple threads application to driver in Snapdragon Consumer IOT...

4.3 CVSS · 8 AI score · 0.00119 EPSS
Exploits 0 · References 1

OSV
added 2022/09/02 11:4 a.m. · 4 views

OESA-2022-1891 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A use-after-free flaw was found in libvirt. The qemuMonitorUnregister function in...

6.5 CVSS · 6.7 AI score · 0.01217 EPSS
Exploits 0 · References 2

Citrix
added 2022/08/14 12:0 a.m. · 11 views

PVS Streamprocess: Login failed (error code: 4) for device <devicename>

Target devices are stuck at booting: Application event log is flooded with StreamProcess Event ID 10 that reads: "Login failed error code: 4 for device targetdevice1: No servers available for disk" Application event log will also have Streamprocess event ID 11's which read: "Detected one or more...

7.8 AI score
Exploits 0

Oracle linux
added 2022/08/05 12:0 a.m. · 69 views

virt:ol and virt-devel:ol security, bug fix, and enhancement update

libvirt 8.0.0-5.2.0.1 - Set SOURCE_DATE_EPOCH from changelog Orabug: 32019554 - Add runtime deps for pkg librbd1 = 1:10.2.5 Keshav Sharma 8.0.0-5.2.el8 - cpumap: Disable cpu64-rhel for host-model and baseline rhbz2084030 - cputest: Drop some old artificial baseline tests rhbz2084030 - cputest: Give...

8.2 CVSS · 0.4 AI score · 0.02701 EPSS
Exploits 2

RedHat Linux
added 2022/08/02 10:9 a.m. · 3 views

mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs i.e., going to the err label while executing the method create_worker_threads, the held lock thd-ctrlmutex is not released correctly, which allows local users to trigger a denial ...

5.5 CVSS · 7.3 AI score · 0.00222 EPSS
Exploits 0 · References 4

OpenVAS
added 2022/07/21 12:0 a.m. · 21 views

Fedora: Security Advisory for golang-starlark (FEDORA-2022-3e1ade35db)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS · 8.9 AI score · 0.05292 EPSS
Exploits 4 · References 2

BDU FSTEC
added 2022/06/27 12:0 a.m. · 4 views

The vulnerability of the `create_worker_threads` method in the MariaDB database management system allows a hacker to cause a service failure.

The vulnerability of the `create_worker_threads` method in the MariaDB database management system exists due to improper cleanup or resource release. Exploiting this vulnerability can allow an attacker to cause service failures...

3.3 CVSS · 6.5 AI score · 0.00222 EPSS
Exploits 0 · References 7 · Affected Software 2

BDU FSTEC
added 2022/06/27 12:0 a.m. · 4 views

The vulnerability of the `create_worker_threads` method in the MariaDB database management system allows a hacker to cause a service failure.

The vulnerability of the `create_worker_threads` method in the MariaDB database management system exists due to improper cleanup or resource release. Exploiting this vulnerability can allow an attacker to cause service failures...

3.3 CVSS · 6.5 AI score · 0.00219 EPSS
Exploits 0 · References 6 · Affected Software 2

Kitploit
added 2022/05/29 12:30 p.m. · 27 views

Hakoriginfinder - Tool For Discovering The Origin Host Behind A Reverse Proxy. Useful For Bypassing Cloud WAFs!

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies. How does it work? This tool will first make an HTTP request to the hostname that you provide and store the response, then it will make a request to every IP address that you provide vi...

7.2 AI score
Exploits 0 · References 1

Microsoft CVE
added 2022/05/28 7:0 a.m. · 2 views

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads the held lock is not released correctly which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.

...

5.5 CVSS · 7.3 AI score · 0.00219 EPSS
Exploits 0

CNNVD
added 2022/05/25 12:0 a.m. · 3 views

MariaDB security vulnerability

MariaDB is the database management system of the MariaDB Foundation and a version of the MySQL branch that uses the Maria storage engine. A denial of service vulnerability exists in versions of MariaDB Server prior to 10.7, which originates in extra/mariabackup/ds_compress.cc, and can be exploited...

5.5 CVSS · 5.6 AI score · 0.00222 EPSS
Exploits 0 · References 9

Rockylinux
added 2022/05/17 7:23 a.m. · 9 views

new packages: perl-threads-shared

An update is available for perl-threads-shared. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rock...

2.2 AI score
Exploits 0

Rockylinux
added 2022/05/17 7:23 a.m. · 7 views

new packages: perl-threads

An update is available for perl-threads. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

2.2 AI score
Exploits 0