99 matches found
PT-2021-15235 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.0.0, 3.0.0.rc2, and 3.0.0.rc1 Description: An improper access control issue was identified that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent...
Design/Logic Flaw
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15...
CVE-2018-17145
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15...
Nextcloud: nextcloud-snap CircleCI project has vulnerable configuration which can lead to exposing secrets
Summary: CircleCI allows projects to configure whether builds will run as a result of a pull request from a fork, and also whether these fork PRs have access to the secrets stored in the parent repo's CircleCI settings. When both settings are enabled, and the repo associated with the project allo...
CVE-2018-6337
folly::secureRandom will re-use a buffer between parent and child processes when fork is called. That will result in multiple forked children producing repeat or similar results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00...
openSUSE Security Update : libheimdal (openSUSE-2018-876)
This update for libheimdal to version 7.5.0 fixes the following issues : The following security vulnerability was fixed : - CVE-2017-17439: Fixed a remote denial of service vulnerability through which remote unauthenticated attackers were able to crash the KDC by sending a crafted UDP packet...
Security update for libheimdal (important)
This update for libheimdal to version 7.5.0 fixes the following issues: The following security vulnerability was fixed: - CVE-2017-17439: Fixed a remote denial of service vulnerability through which remote unauthenticated attackers were able to crash the KDC by sending a crafted UDP packet...
SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0164-1)
glibc has been updated to fix one security issue and several bugs : Security issue fixed : - Fix crashes on invalid input in IBM gconv modules CVE-2014-6040, CVE-2012-6656 - Fixed a stack overflow during hosts parsing CVE-2013-4357 Bugs fixed : - don't touch user-controlled stdio locks in forked...
SuSE 11.3 Security Update : glibc (SAT Patch Number 10259)
glibc has been updated to fix security issues and bugs : - Fix crashes on invalid input in IBM gconv modules. CVE-2014-6040 / CVE-2012-6656, bsc894553, bsc894556, GLIBC BZ 17325, GLIBC BZ 14134 - Avoid infinite loop in nssdns getnetbyname. CVE-2014-9402 - Don't touch user-controlled stdio locks i...
Search all Github Repositories for an Organization
gumbler is a script I wrote to search through git commits and introduced in the blog post "Searching Through Git Commits". Recently I wanted to run Gumbler across all repositories for an organization, the steps are discussed below. First, we need to grab a list of repositories for the ORG. This c...
ArchAssault - Arch Linux ISO for Penetration Testers
The ArchAssault Project is an Arch Linux derivative for penetration testers, security professionals and all-around Linux enthusiasts. This means we import the vast majority of the official upstream Arch Linux packages, these packages are unmodified from their upstream source. While our Arch Linux...
Fedora 20 : python-crypto-2.6.1-1.fc20 (2013-19390)
In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a race condition that may cause forked processes to generate identical sequences of 'random' numbers. This release fixes the problem by resetting the rate-limiter when Crypto.Random.atfork is invoked. Note that Tenable Network...
Fedora 19 : python-crypto-2.6.1-1.fc19 (2013-19441)
In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a race condition that may cause forked processes to generate identical sequences of 'random' numbers. This release fixes the problem by resetting the rate-limiter when Crypto.Random.atfork is invoked. Note that Tenable Network...
Race condition
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked...
CVE-2010-0923
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked...
Gentoo Security Advisory GLSA 200606-19 (sendmail)
The remote host is missing updates announced in advisory GLSA 200606-19. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2008-0299
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool...
perl-Net-DNS security issue
Header.pm in Net::DNS before 0.60, a Perl module, 1 generates predictable sequence IDs with a fixed increment and 2 can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...
DEBIAN-CVE-2007-3377
Header.pm in Net::DNS before 0.60, a Perl module, 1 generates predictable sequence IDs with a fixed increment and 2 can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...