Lucene search
K

99 matches found

Positive Technologies
Positive Technologies
added 2021/03/03 12:0 a.m.12 views

PT-2021-15235 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.0.0, 3.0.0.rc2, and 3.0.0.rc1 Description: An improper access control issue was identified that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent...

6.5CVSS6.3AI score0.0081EPSS
Exploits0References6
Prion
Prion
added 2020/09/10 5:15 p.m.15 views

Design/Logic Flaw

Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15...

5CVSS7.5AI score0.03411EPSS
Exploits1References4Affected Software7
Cvelist
Cvelist
added 2020/09/10 4:32 p.m.37 views

CVE-2018-17145

Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15...

7.5AI score0.03411EPSS
Exploits1References4
Hacker One
Hacker One
added 2020/02/12 11:8 a.m.32 views

Nextcloud: nextcloud-snap CircleCI project has vulnerable configuration which can lead to exposing secrets

Summary: CircleCI allows projects to configure whether builds will run as a result of a pull request from a fork, and also whether these fork PRs have access to the secrets stored in the parent repo's CircleCI settings. When both settings are enabled, and the repo associated with the project allo...

6.7AI score
Exploits0
NVD
NVD
added 2018/12/31 10:29 p.m.26 views

CVE-2018-6337

folly::secureRandom will re-use a buffer between parent and child processes when fork is called. That will result in multiple forked children producing repeat or similar results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00...

7.5CVSS7.6AI score0.01778EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/08/17 12:0 a.m.28 views

openSUSE Security Update : libheimdal (openSUSE-2018-876)

This update for libheimdal to version 7.5.0 fixes the following issues : The following security vulnerability was fixed : - CVE-2017-17439: Fixed a remote denial of service vulnerability through which remote unauthenticated attackers were able to crash the KDC by sending a crafted UDP packet...

7.5CVSS7.2AI score0.03427EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2018/08/16 3:22 p.m.64 views

Security update for libheimdal (important)

This update for libheimdal to version 7.5.0 fixes the following issues: The following security vulnerability was fixed: - CVE-2017-17439: Fixed a remote denial of service vulnerability through which remote unauthenticated attackers were able to crash the KDC by sending a crafted UDP packet...

5CVSS2.2AI score0.03427EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/05/20 12:0 a.m.36 views

SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0164-1)

glibc has been updated to fix one security issue and several bugs : Security issue fixed : - Fix crashes on invalid input in IBM gconv modules CVE-2014-6040, CVE-2012-6656 - Fixed a stack overflow during hosts parsing CVE-2013-4357 Bugs fixed : - don't touch user-controlled stdio locks in forked...

7.5CVSS7.4AI score0.06564EPSS
Exploits3References13
Tenable Nessus
Tenable Nessus
added 2015/02/11 12:0 a.m.18 views

SuSE 11.3 Security Update : glibc (SAT Patch Number 10259)

glibc has been updated to fix security issues and bugs : - Fix crashes on invalid input in IBM gconv modules. CVE-2014-6040 / CVE-2012-6656, bsc894553, bsc894556, GLIBC BZ 17325, GLIBC BZ 14134 - Avoid infinite loop in nssdns getnetbyname. CVE-2014-9402 - Don't touch user-controlled stdio locks i...

7.8CVSS7.6AI score0.07688EPSS
Exploits5References12
Silent Robot Systems
Silent Robot Systems
added 2015/01/10 4:0 a.m.8 views

Search all Github Repositories for an Organization

gumbler is a script I wrote to search through git commits and introduced in the blog post "Searching Through Git Commits". Recently I wanted to run Gumbler across all repositories for an organization, the steps are discussed below. First, we need to grab a list of repositories for the ORG. This c...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2014/06/16 11:55 p.m.201 views

ArchAssault - Arch Linux ISO for Penetration Testers

The ArchAssault Project is an Arch Linux derivative for penetration testers, security professionals and all-around Linux enthusiasts. This means we import the vast majority of the official upstream Arch Linux packages, these packages are unmodified from their upstream source. While our Arch Linux...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/11/11 12:0 a.m.23 views

Fedora 20 : python-crypto-2.6.1-1.fc20 (2013-19390)

In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a race condition that may cause forked processes to generate identical sequences of 'random' numbers. This release fixes the problem by resetting the rate-limiter when Crypto.Random.atfork is invoked. Note that Tenable Network...

4.3CVSS8.1AI score0.02007EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2013/10/27 12:0 a.m.24 views

Fedora 19 : python-crypto-2.6.1-1.fc19 (2013-19441)

In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a race condition that may cause forked processes to generate identical sequences of 'random' numbers. This release fixes the problem by resetting the rate-limiter when Crypto.Random.atfork is invoked. Note that Tenable Network...

4.3CVSS8.1AI score0.02007EPSS
Exploits1References4
Prion
Prion
added 2010/03/03 7:30 p.m.15 views

Race condition

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked...

6.9CVSS7AI score0.00283EPSS
Exploits0References14Affected Software1
UbuntuCve
UbuntuCve
added 2010/03/03 7:30 p.m.26 views

CVE-2010-0923

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked...

6.9CVSS5.9AI score0.00283EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.21 views

Gentoo Security Advisory GLSA 200606-19 (sendmail)

The remote host is missing updates announced in advisory GLSA 200606-19. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.6AI score0.05173EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2008/01/16 10:0 p.m.31 views

CVE-2008-0299

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool...

4.3CVSS5.9AI score0.0162EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2007/07/12 9:6 a.m.6 views

perl-Net-DNS security issue

Header.pm in Net::DNS before 0.60, a Perl module, 1 generates predictable sequence IDs with a fixed increment and 2 can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...

4.3CVSS5.9AI score0.02049EPSS
Exploits1References4
OSV
OSV
added 2007/06/25 9:30 p.m.1 views

DEBIAN-CVE-2007-3377

Header.pm in Net::DNS before 0.60, a Perl module, 1 generates predictable sequence IDs with a fixed increment and 2 can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...

4.3CVSS6.9AI score0.02049EPSS
Exploits1References1
Rows per page
Query Builder