
3370 matches found

RedHat Linux
added 2021/10/13 9:30 a.m. | 1 view

rust-crossbeam-deque: race condition may lead to double free

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...

CVSS 9.8 | AI score 7.1 | EPSS 0.01907
Exploits 0 | References 4
Huntr
added 2021/10/13 6:35 a.m. | 8 views

in jspark311/buriedunderthenoisefloor

Description Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. https://github.com/jspark311/BuriedUnderTheNoiseFloor/ is vulnerable to remo...

AI score 0.1
Exploits 0 | References 2
Prion
added 2021/10/12 3:15 p.m. | 25 views

Code injection

A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is...

CVSS 2.1 | AI score 5.4 | EPSS 0.00217
Exploits 0 | References 2 | Affected Software 1
RedHat Linux
added 2021/10/12 2:50 p.m. | 5 views

rust-crossbeam-deque: race condition may lead to double free

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...

CVSS 9.8 | AI score 7.1 | EPSS 0.01907
Exploits 0 | References 4
RedHat Linux
added 2021/10/11 8:16 a.m. | 1 view

rust-crossbeam-deque: race condition may lead to double free

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...

CVSS 9.8 | AI score 7.1 | EPSS 0.01907
Exploits 0 | References 4
RedHat Linux
added 2021/10/11 8:14 a.m. | 2 views

rust-crossbeam-deque: race condition may lead to double free

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...

CVSS 9.8 | AI score 7.1 | EPSS 0.01907
Exploits 0 | References 4
ThreatPost
added 2021/10/05 2:55 p.m. | 43 views

How to Build an Incident-Response Plan, Before Security Disaster Strikes

In a startling discovery, a recent report found that 98 percent of companies have experienced at least one cloud data breach in the past 18 months, compared to 79 percent last year. The same report disclosed that nearly 60 percent of the 200 CISOs and security decision-makers surveyed considered...

AI score 7.2
Exploits 0 | References 2
BDU FSTEC
added 2021/10/05 12:0 a.m. | 3 views

The vulnerability of the declarative reading and writing methods for BinData binary file formats, related to uncontrolled resource consumption, allows a perpetrator to cause service failures.

The vulnerability of the declarative method for reading and writing BinData binary file formats is related to the relatively slow creation of certain classes. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 4.3 | AI score 5.4 | EPSS 0.01866
Exploits 1 | References 5 | Affected Software 2
NCSC
added 2021/10/04 12:0 a.m. | 1 view

Vulnerability fixed in Fedora

A vulnerability has been fixed in the Linux kernel as used by Fedora. A local, authenticated malicious person can exploit this vulnerability to acquire elevated privileges on the vulnerable system. Fedora has made updates available for Fedora 33 and 34. You can...

CVSS 7.8 | AI score 8.4 | EPSS 0.01692
Exploits 2
OPENSUSE Linux
added 2021/10/03 12:0 a.m. | 40 views

Security update for haproxy (moderate)

openSUSE Security Update: Security update for haproxy Announcement ID: openSUSE-SU-2021:1329-1 Rating: moderate References: 1189877 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for haproxy fixes the following issues: -...

CVSS 7.5 | AI score 7.7 | EPSS 0.56083
Exploits 5
Krebs on Security
added 2021/10/01 3:9 p.m. | 19 views

FCC Proposal Targets SIM Swapping, Port-Out Fraud

The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target's mobile phone number and use that to wrest control over the victim's online...

AI score 7.2
Exploits 0
Microsoft Malware Protection
added 2021/09/30 4:0 p.m. | 26 views

3 key resources to accelerate your passwordless journey

Every organization today faces password-related challenges—phishing campaigns, productivity loss, and password management costs to name just a few. The risks now outweigh the benefits when it comes to passwords. Even the strongest passwords are easily phish-able and vulnerable to attacks, such as...

AI score 7.1
Exploits 0
Microsoft Secure
added 2021/09/30 4:0 p.m. | 28 views

3 key resources to accelerate your passwordless journey

Every organization today faces password-related challenges—phishing campaigns, productivity loss, and password management costs to name just a few. The risks now outweigh the benefits when it comes to passwords. Even the strongest passwords are easily phish-able and vulnerable to attacks, such as...

AI score 7.1
Exploits 0
Malwarebytes
added 2021/09/30 11:11 a.m. | 28 views

Telegram-powered bots circumvent 2FA

Two-factor authentication is a great way to protect your online accounts, and we always recommend you turn it on. But where users put up walls, you can be sure there are cybercriminals trying to break them down. Yesterday, security intelligence firm, Intel 147, revealed it had noticed an uptick o...

AI score 0.3
Exploits 0
Ivan 'd0znpp' Novikov
added 2021/09/21 10:26 a.m. | 112 views

A6: Security Misconfiguration ❗️ — Top 10 OWASP 2017

A6: Security Misconfiguration ❗️ — Top 10 OWASP 2017 Introduction A6: Security Misconfiguration What is Security Misconfiguration? I believe this name was chosen to be as ambiguous as possible for one of the Top 10 OWASP vulnerabilities. It can encompass anything and everything related to...

AI score 7.5
Exploits 0
WPVulnDB
added 2021/09/21 12:0 a.m. | 12 views

WP Mega Menu < 1.4.0 - Unauthenticated Arbitrary Post Access

The plugin does not properly check for capability and CSRF due to a logic flaw, in its exporttheme and exportwpmegamenunavmenu methods, hooked to admininit. As a result, unauthenticated users can call them and access arbitrary post data, including password protected or private ones. PoC Access an...

AI score 1.5
Exploits 0 | Affected Software 1
OPENSUSE Linux
added 2021/09/21 12:0 a.m. | 45 views

Security update for grafana-piechart-panel (moderate)

openSUSE Security Update: Security update for grafana-piechart-panel Announcement ID: openSUSE-SU-2021:3175-1 Rating: moderate References: 1172125 Cross-References: CVE-2020-13429 CVSS scores: CVE-2020-13429 NVD : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2020-13429 SUSE: 6.4...

CVSS 6.4 | AI score 5.3 | EPSS 0.0068
Exploits 0 | References 1
Malwarebytes
added 2021/09/20 12:17 p.m. | 27 views

Microsoft makes a bold move towards a password-less future

In a recent blog Microsoft announced that as of September 15, 2021 you can completely remove the password from your Microsoft account and use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to Microsoft apps and service...

AI score 7.3
Exploits 0
RedHat Linux
added 2021/09/16 3:24 p.m. | 2 views

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

CVSS 7.5 | AI score 7.2 | EPSS 0.03204
Exploits 1 | References 5
Microsoft Secure
added 2021/09/15 1:0 p.m. | 31 views

The passwordless future is here for your Microsoft account

Nobody likes passwords. They’re inconvenient. They’re a prime target for attacks. Yet for years they’ve been the most important layer of security for everything in our digital lives—from email to bank accounts, shopping carts to video games. We are expected to create complex and unique passwords,...

AI score 0.4
Exploits 0