Security Bulletin: IBM Spectrum Scale is affected by a security vulnerability (CVE-2016-0263)

Summary A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.2, V4.1 and IBM General Parallel File System V3.5, that could allow a local user, under special circumstances, to escalate their privileges or cause a denial of service when the mmapplypolicy comma...

Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by a security vulnerability (CVE-2016-0392)

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow a local attacker to inject commands into setuid file parameters and execute commands as root. Vulnerability Details CVEID: CVE-2016-0392 DESCRIPTION: IBM General Parallel File...

Security Bulletin: IBM General Parallel File System is affected by security vulnerabilities (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Summary Security vulnerabilities have been identified in current levels of GPFS V4.1, V3.5, and V3.4: - could allow a local attacker which only has a non-privileged account to execute programs with root privileges CVE-2015-0197 - may not properly authenticate network requests and could allow an...

Security Bulletin: Vulnerability in RC4 stream cipher affects GPFS V3.5 for Windows (CVE-2015-2808) / Enabling weak cipher suites for IBM General Parallel File System is NOT recommended

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects OpenSSH for GPFS V3.5 for Windows. Additionally, with the recent attention to RC4 “Bar Mitzvah” Attack for SSL/TLS, this is a reminder to NOT enable weak or export-level cipher suites for IBM General Parallel File System GPFS. Vulnerability...

Out-of-bounds

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The...

PYSEC-2021-197

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.RaggedTensorToTensor. This is because the...

CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 PoC Introduction This is an exploit for the...

curl: Data race conditions reported by helgrind when performing parallel DNS queries in libcurl

While running binary built from curl git repo file "docs/examples/10-at-a-time.c" under valgrind specifically with the helgrind tool, reports race condition in getaddrinfo calls. Using the latest curl/libcurl from github repo. From the valgrind documentation "Helgrind is a Valgrind tool for...

curl: Parallel upload hangs curl if upload file not found

Attempting to upload -T a not found file with parallel -Z flag present, will cause curl to get stuck and never terminate, potentially stalling scripts that make use of this particular flags. curl -T blabla-notexists -Z upload.example.com www.google.com www.cnn.com www.apple.com Same issue occurs ...

freerdp: out-of-bounds read in irp functions

In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions parallelprocessirpcreate, serialprocessirpcreate, driveprocessirpwrite, printerprocessirpwrite, rdpeirecvpdu, serialprocessirpwrite. This has been fixed in 2.1.0...

Unimap - Scan Only Once By IP Address And Reduce Scan Times With Nmap For Large Amounts Of Data

Scan only once by IP address and reduce scan times with Nmap for large amounts of data. Unimap is an abbreviation of "Unique Nmap Scan ". The tool can run in Linux, OSX, Windows or Android Termux without problems. Why? If you have plans to run an Nmap to a whole organization you need to consideer...

DEBIAN-CVE-2020-11089

In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions parallelprocessirpcreate, serialprocessirpcreate, driveprocessirpwrite, printerprocessirpwrite, rdpeirecvpdu, serialprocessirpwrite. This has been fixed in 2.1.0...

Parallel overstepping vulnerability in Liangjing Mall online store shopping system

Liangjing Mall Online Shop Shopping System is a set of multi-functional online store system that can be suitable for different types of commodities, super flexible, three-tier distribution PC+Mobile+Micro-site. There is a parallel override vulnerability in LiangJing Mall Online Shop Shopping...

[SECURITY] Fedora 32 Update: condor-8.8.8-1.fc32

HTCondor is a workload management system for high-throughput and high-performance jobs. Like other full-featured batch systems, HTCondor provides a job queuing mechanism, scheduling policy, priority scheme, resource monitoring, and resource management. Users submit their serial or parallel jobs t...

[SECURITY] Fedora 31 Update: condor-8.8.8-1.fc31

HTCondor is a workload management system for high-throughput and high-performance jobs. Like other full-featured batch systems, HTCondor provides a job queuing mechanism, scheduling policy, priority scheme, resource monitoring, and resource management. Users submit their serial or parallel jobs t...

[SECURITY] Fedora 30 Update: condor-8.8.8-1.fc30

HTCondor is a workload management system for high-throughput and high-performance jobs. Like other full-featured batch systems, HTCondor provides a job queuing mechanism, scheduling policy, priority scheme, resource monitoring, and resource management. Users submit their serial or parallel jobs t...

PT-2020-5402 · Freerdp +6 · Freerdp +6

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.1.0 Description: The issue is related to an out-of-bound read in irp functions, specifically in parallel process irp create, serial process irp create, drive process irp write, printer process irp write, rdpei recv...

[SECURITY] Fedora 30 Update: pxz-4.999.9-19.beta.20200421git.fc30

Parallel XZ is a compression utility that takes advantage of running XZ compression simultaneously on different parts of an input file on multiple cores and processors. This significantly speeds up compression time...

Fedora: Security Advisory for pxz (FEDORA-2020-07fcbfddbd)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...