831 matches found

OSV
added 2023/02/15 8:00 a.m. | 23 views

CURL-CVE-2023-23915 HSTS amnesia with --parallel

curl's HSTS cache saving behaves wrongly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when...

CVSS 6.5 | AI score 6.6 | EPSS 0.00039
Exploits: 0

SUSE CVE
added 2023/02/15 5:18 a.m. | 2 views

SUSE CVE-2015-4155

GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file...

CVSS 3.6 | AI score 6.4 | EPSS 0.00133
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:18 a.m. | 22 views

SUSE CVE-2015-4156

GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file...

CVSS 3.6 | AI score 6.7 | EPSS 0.00052
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:56 a.m. | 3 views

SUSE CVE-2016-9120

Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time...

CVSS 9.3 | AI score 8.9 | EPSS 0.00109
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:21 a.m. | 1 views

SUSE CVE-2018-19624

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference...

CVSS 6.5 | AI score 7.5 | EPSS 0.00172
Exploits: 1 | References: 8

SUSE CVE
added 2023/02/15 4:17 a.m. | 0 views

SUSE CVE-2019-3837

It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory,...

CVSS 6.1 | AI score 8.1 | EPSS 0.00093
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 3:59 a.m. | 1 views

SUSE CVE-2020-11089

In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0...

CVSS 3.7 | AI score 9.5 | EPSS 0.00229
Exploits: 0 | References: 7

SUSE CVE
added 2023/02/15 3:29 a.m. | 2 views

SUSE CVE-2022-21797

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement...

CVSS 9.8 | AI score 7.3 | EPSS 0.00265
Exploits: 1 | References: 4

UbuntuCve
added 2023/02/15 12:00 a.m. | 40 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

CVSS 6.5 | AI score 6.8 | EPSS 0.00039
Exploits: 0 | References: 3

Positive Technologies
added 2023/02/15 12:00 a.m. | 2 views

PT-2023-19297

Name of the Vulnerable Software and Affected Versions: curl versions prior to 7.88.0. Description: A cleartext transmission of sensitive information issue exists in curl that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, cu...

CVSS 9.1 | AI score 5.9 | EPSS 0.14797
Exploits: 15 | References: 102

OSV
added 2023/02/15 12:00 a.m. | 0 views

UBUNTU-CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

CVSS 6.5 | AI score 6.7 | EPSS 0.00039
Exploits: 0 | References: 4

OSV
added 2023/01/17 6:40 p.m. | 12 views

GSD-2023-1001102 padata: Always leave BHs disabled when running ->parallel()

padata: Always leave BHs disabled when running ->parallel(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...

AI score 7.2
Exploits: 0

Jake Archibald's Blog
added 2023/01/11 1:00 a.m. | 8 views

The gotcha of unhandled promise rejections

Let's say you wanted to display a bunch of chapters on the page, and for whatever reason, the API only gives you a chapter at a time. You could do this: async function showChapters(chapterURLs) { for (const url of chapterURLs) { const response = await fetch(url); const chapterData = await response.json(); ...

AI score 7
Exploits: 0

Jake Archibald's Blog
added 2023/01/11 1:00 a.m. | 15 views

The gotcha of unhandled promise rejections

Let's say you wanted to display a bunch of chapters on the page, and for whatever reason, the API only gives you a chapter at a time. You could do this: async function showChapters(chapterURLs) { for (const url of chapterURLs) { const response = await fetch(url); const chapterData = await response.json(); ...

AI score 7.1
Exploits: 0

CNNVD
added 2023/01/11 12:00 a.m. | 3 views

Intel(R) oneAPI DPC++/C++ Compiler Security Vulnerability

Intel(R) oneAPI DPC++/C++ Compiler is a compiler from Intel Corporation (USA). A security vulnerability exists in Intel(R) oneAPI DPC++/C++ Compiler versions prior to 2022.2.1, which stems from its improper access control on certain Intel(R) oneAPI Toolkits versions prior to 2022.3.1 that could allow...

CVSS 7.8 | AI score 7.5 | EPSS 0.00057
Exploits: 0 | References: 3

CNNVD
added 2023/01/11 12:00 a.m. | 3 views

Intel oneAPI DPC++/C++ Compiler Buffer Error Vulnerability

Intel oneAPI Toolkits is a set of core tools and libraries from Intel of the United States. It is used to develop high-performance, data-centric applications across different architectures. A buffer error vulnerability exists in Intel(R) oneAPI DPC++/C++ Compiler versions prior to 2021.8, which...

CVSS 7.8 | AI score 7.8 | EPSS 0.0005
Exploits: 0 | References: 4

Hacker One
added 2022/12/21 12:48 p.m. | 56 views

curl: CVE-2023-23915: HSTS amnesia with --parallel

HSTS cache entries were overwritten by curl when requests were made in parallel, resulting in only one site being protected by TLS and the others being vulnerable to loss of confidentiality and integrity...

CVSS 6.5 | AI score 6.6 | EPSS 0.00039
Exploits: 0

CNVD
added 2022/12/14 12:00 a.m. | 25 views

Siemens SCALANCE X-200RNA Switch Devices has an unspecified vulnerability

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to the web server of the affected device calculating session IDs and random...

CVSS 9.8 | AI score 2.2 | EPSS 0.01989
Exploits: 0 | References: 1

CNVD
added 2022/12/14 12:00 a.m. | 20 views

Siemens SCALANCE X-200RNA Switch Devices Cross-Site Scripting Vulnerability

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A cross-site scripting vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices, which can be exploited by attackers to trigger malicious requests on...

CVSS 6.1 | AI score 3.6 | EPSS 0.00673
Exploits: 0 | References: 1

CNVD
added 2022/12/14 12:00 a.m. | 23 views

Siemens SCALANCE X-200RNA Switch Devices Information Disclosure Vulnerability

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. An information disclosure vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices, which could be exploited by an attacker to gain access to sensiti...

CVSS 7.5 | AI score 2.6 | EPSS 0.00402
Exploits: 0 | References: 1