1097 matches found
USN-5399-1: libvirt vulnerabilities
It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvirt to stop accepting connections, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2021-3667 It was discovered that libvirt...
Apache Tomcat DoS Via Requests Including Null Characters
Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service resource exhaustion via a large number of requests to the server with null characters, which causes the working threads to hang...
GSD-2022-1001983 NFS: Avoid writeback threads getting stuck in mempool_alloc()
NFS: Avoid writeback threads getting stuck in mempoolalloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.111 by commit...
GSD-2022-1001694 NFS: Avoid writeback threads getting stuck in mempool_alloc()
NFS: Avoid writeback threads getting stuck in mempoolalloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.34 by commit...
GSD-2022-1001368 NFS: Avoid writeback threads getting stuck in mempool_alloc()
NFS: Avoid writeback threads getting stuck in mempoolalloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.20 by commit...
GSD-2022-1001025 NFS: Avoid writeback threads getting stuck in mempool_alloc()
NFS: Avoid writeback threads getting stuck in mempoolalloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacki...
Microsoft Teams Targeted With Takeover Trojans
Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found. In January, researchers at Avanan, a Check Point Company, began tracking the campaign, which drops...
SMBSR - Lookup For Interesting Stuff In SMB Shares
Well, SMBSR is a python script which given a CIDR/IP/IPfile/HOSTNAMEs enumerates all the SMB services listening 445 among the targets and tries to authenticate against them; if the authentication succeed then all the folders and subfolders are visited recursively in order to find secrets in files...
PYSEC-2022-111
Tensorflow is an Open Source Machine Learning Framework. The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory. This is because the numthreads argument is only checked to not be negative, but there is no upper bound on its value. Th...
CVE-2022-21732
Tensorflow is an Open Source Machine Learning Framework. The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory. This is because the numthreads argument is only checked to not be negative, but there is no upper bound on its value. Th...
PT-2022-15072 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected Description: The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory. This is...
Kerbrute - An Script To Perform Kerberos Bruteforcing By Using Impacket
An script to perform kerberos bruteforcing by using the Impacket library. When is executed, as input it receives a user or list of users and a password or list of password. Then is performs a brute-force attack to enumerate: Valid username/passwords pairs Valid usernames Usernames without...
Comment reply notifications sent to incorrect users
Impact When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that a user could listen in to new comment replies on pages they have not had editing access t...
CVE-2022-21683
Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that ...
Code injection
Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that ...
CVE-2022-21683 Comment reply notifications sent to incorrect users in wagtail
Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that ...
LACheck - Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration
Multithreaded C .NET Assembly Local Administrative Privilege Enumeration Arguments domain controller to query if not ran on a domain-joined host /domain - specify domain name if not ran on a domain-joined host /edr - check host for EDR requires smb, rpc, or winrm /logons - return logged on users ...
Memory corruption
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...
SourceLeakHacker - A Multi Threads Web Application Source Leak Scanner
SourceLeakHacker is a muilt-threads web directories scanner. Installation pip install -r requirements.txt Usage dictionary scale --output OUTPUT output folder, default: result/YYYY-MM-DD hh:mm:ss --threads THREADS, -t THREADS threads numbers, default: 4 --timeout TIMEOUT HTTP request timeout...