USN-3143-1: c-ares vulnerability

Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code...

ARM guests may induce host asynchronous abort

ISSUE DESCRIPTION Depending on how the hardware and firmware have been integrated, guest-triggered asynchronous aborts SError on ARMv8 may be received by the hypervisor. The current action is to crash the host. A guest might trigger an asynchronous abort when accessing memory mapped hardware in a...

libuv: Privilege escalation

Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description It was discovered that libuv does not call setgroups before calling setuid/setgid. If this is not called, then even though the uid has been dropped, there may still be groups associated that permit...

openSUSE Security Update : Mozilla Firefox (openSUSE-2016-1271)

Mozilla Firefox was updated to 49.0.2 to fix two security issues and some bugs. The following vulnerabilities were fixed : - CVE-2016-5287: Crash in nsTArraybase bsc1006475 - CVE-2016-5288: Web content can read cache entries bsc1006476 The following changes and fixes are included : - Asynchronous...

kernel: Null pointer dereference in trace_writeback_dirty_page()

A security flaw was found in the Linux kernel that an attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at tracewritebackdirtypage, because aiofsbackingdevinfo.dev is 0...

kernel: Null pointer dereference in trace_writeback_dirty_page()

A security flaw was found in the Linux kernel that an attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at tracewritebackdirtypage, because aiofsbackingdevinfo.dev is 0...

[SECURITY] Fedora 23 Update: c-ares-1.12.0-1.fc23

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

[SECURITY] Fedora 23 Update: mingw-c-ares-1.12.0-1.fc23

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

[SECURITY] Fedora 24 Update: mingw-c-ares-1.12.0-1.fc24

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

[SECURITY] Fedora 25 Update: mingw-c-ares-1.12.0-1.fc25

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

[SECURITY] Fedora 25 Update: c-ares-1.12.0-1.fc25

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

[SECURITY] Fedora 24 Update: c-ares-1.12.0-1.fc24

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

UBUNTU-CVE-2016-6345

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...

Slack: Race Condition in account survey

There exists a race condition in the beginning survey, allowing a user to get $100 in credit multiple times. In my example, I made 2 asynchronous requests, and was credited with $200. POC: 1. Create a new slack team. 2. Set your password, and find the account creation survey. 3. Complete the...

Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...

Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...

Raptor - Web-based Source Code Vulnerability Scanner

Raptor is a web-based web-serivce + UI github centric source-vulnerability scanner i.e. it scans a repository with just the github repo url. You can setup webhooks to ensure automated scans every-time you commit or merge a pull request. The scan is done asynchonously and the results are available...

Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...

Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...

UBUNTU-CVE-2016-6635

Cross-site request forgery CSRF vulnerability in the wpajaxwpcompressiontest function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option...