Exploit for NULL Pointer Dereference in Linux Linux_Kernel

DECPwn Practicing different Linux kernel exploitation techniqu...

Play With Docker 安全漏洞

Play With Docker is an easy, interactive and fun training ground for learning Docker. A security vulnerability exists in Play With Docker versions prior to 0.0.2 that stems from having an insecure CAPSYSADMIN privilege pattern that causes Docker containers to escape...

SUSE CVE-2015-20109

endpattern called from internalfnmatch in the GNU C Library aka glibc or libc6 before 2.22 might allow context-dependent attackers to cause a denial of service application crash, as demonstrated by use of the fnmatch library function with the ! pattern. NOTE: this is not the same as CVE-2015-8984...

UBUNTU-CVE-2015-20109

endpattern called from internalfnmatch in the GNU C Library aka glibc or libc6 before 2.22 might allow context-dependent attackers to cause a denial of service application crash, as demonstrated by use of the fnmatch library function with the ! pattern. NOTE: this is not the same as CVE-2015-8984...

GNU C Library 安全漏洞

Gnu glibc is a core component of the Linux system used to implement the C standard library, providing underlying API support for applications, following the POSIX and ISO C standards. A denial of service vulnerability exists in Gnu glibc, which stems from an endpattern in the GNU C library that...

PT-2023-10310 · Gnu +1 · Glibc +1

Name of the Vulnerable Software and Affected Versions: glibc versions prior to 2.22 Description: The issue in the GNU C Library glibc might allow context-dependent attackers to cause a denial of service, resulting in an application crash. This can be demonstrated by using the fnmatch library...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)

Summary Apache Log4j is used for logging in multiple components of the IBM Cloud Pak System CPS appliance: Logstash, VMware vCenter, IBM Hardware Management Console and product pattern type pType. Arbitrary code execution vulnerabilities have been identified in Apache Log4j. Vulnerability Details...

RHEL 8 : Red Hat Virtualization (RHSA-2023:3771)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3771 advisory. The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

Potential Risk of Privilege Escalation in Azure AD Applications

Summary Microsoft has developed mitigations for an insecure anti-pattern used in Azure AD AAD applications highlighted by Descope, and reported to Microsoft, where use of the email claim from access tokens for authorization can lead to an escalation of privilege. An attacker can falsify the email...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

go-restful: Authorization Bypass Through User-Controlled Key

A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining [CVE-2023-20860]

Summary There is a vulnerability in Spring Framework that could allow a remote authenticated attacker to bypass security restrictions. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2023-20860 Vulnerability Details...

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

AZL-38032 CVE-2023-28321 affecting package tensorflow for versions less than 2.16.1-1

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

Input validation

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...