151 matches found
The fork mechanism of Nouns lacks a fork cooling-off period/clarification period/remedial period mechanism, which cannot resist someone maliciously inciting the emotions of DAO members and triggering impulsive forks
Lines of code Vulnerability details Impact It's important that forking happen rarely. Once a fork occurs, it cannot be canceled. It is not a good thing for DAO to happen. It is necessary to ensure that DAO members propose a fork after calm deliberation. The current Nouns forking mechanism lacks a...
kernel: use-after-free related to leaf anon_vma double reuse
A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...
SUSE CVE-2007-3303
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that 1 stop request processing by killing all worker processes and preventing creation of replacements or 2 hang the system by forcin...
SUSE CVE-2011-2686
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issu...
SUSE CVE-2011-3009
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...
SUSE CVE-2014-0017
The RANDbytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator PRNG, which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid...
DEBIAN-CVE-2022-47946
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in iosqpollwaitsq in fs/iouring.c allows an attacker to crash the kernel, resulting in denial of service. finishwait can be skipped. An attack can occur in some situations by forking a process and then quickly...
UBUNTU-CVE-2022-47946
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in iosqpollwaitsq in fs/iouring.c allows an attacker to crash the kernel, resulting in denial of service. finishwait can be skipped. An attack can occur in some situations by forking a process and then quickly...
GHSA-7FW6-6MFJ-G3Q2 ckb: Transaction header_deps validation issue (network forking)
Impact fn HeaderCheckercheckvalid skipped main chain checking after this PR: https://github.com/nervosnetwork/ckb/pull/1646/filesdiff-c4e017b67c1b3005ca0c446a9b0879571aa36a858b1f7ddd1b9328a884e3214bR171-R176 It will cause network forking if one transaction is using a forked block header which is...
ckb: Transaction header_deps validation issue (network forking)
Impact fn HeaderCheckercheckvalid skipped main chain checking after this PR: https://github.com/nervosnetwork/ckb/pull/1646/filesdiff-c4e017b67c1b3005ca0c446a9b0879571aa36a858b1f7ddd1b9328a884e3214bR171-R176 It will cause network forking if one transaction is using a forked block header which is...
GHSA-CXGF-V2P8-7PH7 NuProcess vulnerable to command-line injection through insertion of NUL character(s)
Impact In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's ProcessBuilder isn't vulnerable because of a check in...
Code injection
Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...
Nanodump - A Crappy LSASS Dumper With No ASCII Art
A flexible tool that creates a minidump of the LSASS process. 1. Features It uses syscalls with SysWhispers2 for most operations. Syscalls are called from an ntdll address to bypass some syscall detections. It sets the syscall callback hook to NULL. Windows APIs are called using dynamic invoke...
ALPINE-CVE-2022-23608
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set or forking scenario, a hash key shared by multiple UAC dialogs can...
MISP 跨站脚本漏洞
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. MISP suffers from a cross-site scripting vulnerability that stems from...
CVE-2021-22863
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...
CVE-2021-22863
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...
Improper access control
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...
CVE-2021-22863 Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...
PT-2021-7582 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.10.x through 5.10.154 Description: The issue is related to a use-after-free in the io sqpoll wait sq function in fs/io uring.c, which allows an attacker to crash the kernel, resulting in denial of service. The finish...