27 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional checks have been added in ni_clear. The addition of a check for NTFS_FLAGS_LOG_REPLAYING prevents access to the uninitialized bitmap during the replay process...

5.5 CVSS, 6.2 AI score, 0.00027 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/05/07 12:0 a.m., 11 views

PT-2026-38399

Name of the Vulnerable Software and Affected Versions: Netty (affected versions not specified). Description: Resource exhaustion occurs because the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. In the MqttDecoder class, the decodeVariableHeader...

9.8 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits: 6, References: 24
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2001-1482

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.0038 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/05/22 9:51 p.m., 4 views

CVE-2022-47930

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...

6.8 CVSS, 6.7 AI score, 0.001 EPSS
Exploits: 0
Microsoft CVE
added 2024/09/11 7:0 a.m., 1 views

ext4: fix infinite loop when replaying fast_commit

...

5.5 CVSS, 7.3 AI score, 0.00006 EPSS
Exploits: 0
OSV
added 2024/05/21 3:15 p.m., 1 views

UBUNTU-CVE-2021-47371

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners. syzkaller discovered memory leaks [1] that can be reduced to the following commands: "ip nexthop add id 1 blackhole" and "devlink dev reload pci/0000:06:00.0". As part of the...

7.1 CVSS, 5.7 AI score, 0.00015 EPSS
Exploits: 0, References: 5
OSV
added 2024/03/20 11:15 a.m., 1 views

DEBIAN-CVE-2023-46841

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

6.5 CVSS, 5.2 AI score, 0.00066 EPSS
Exploits: 0, References: 1
Code423n4
added 2023/06/21 12:0 a.m., 7 views

M-03 Unmitigated

Lines of code. Vulnerability details. Impact: The mitigation updates the following AmbireAccount.execute function by adding nonce++ in the scheduled != 0 && !isCancellation if block within the sigMode == SIGMODE_RECOVER || sigMode == SIGMODE_CANCEL if block. However, this does not fix M-03: Recovery...

6.7 AI score
Exploits: 0
Fedora
added 2022/12/03 2:3 a.m., 20 views

[SECURITY] Fedora 37 Update: rr-5.6.0-2.fc37

rr is a lightweight tool for recording and replaying execution of applications (trees of processes and threads). For more information, please visit http://rr-project.org...

5.4 CVSS, 0.2 AI score, 0.00206 EPSS
Exploits: 0
Fedora
added 2022/12/03 1:44 a.m., 25 views

[SECURITY] Fedora 36 Update: rr-5.6.0-2.fc36

rr is a lightweight tool for recording and replaying execution of applications (trees of processes and threads). For more information, please visit http://rr-project.org...

5.4 CVSS, 0.2 AI score, 0.00206 EPSS
Exploits: 0
Kitploit
added 2021/11/13 8:30 p.m., 18 views

Canadian Furious Beaver - A Tool For Monitoring IRP Handler In Windows Drivers, And Facilitating The Process Of Analyzing, Replaying And Fuzzing Windows Drivers For Vulnerabilities

Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts: 1. the "Broker" combines both a user-land agent and a self-extractable driver (IrpDumper.sys) that will install itself on the targeted system. Once running, it will expose depending on the...

7.3 AI score
Exploits: 0, References: 5
OSV
added 2021/02/18 9:15 p.m., 0 views

UBUNTU-CVE-2021-26712

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets...

7.5 CVSS, 5.8 AI score, 0.02188 EPSS
Exploits: 0, References: 7
CNVD
added 2020/07/01 12:0 a.m., 5 views

Bitcoin Core and Bitcoin Knots Security Vulnerabilities

Bitcoin Core is an open source client for verifying the validity of blockchain transactions. Bitcoin Knots is a complete Bitcoin client. A security vulnerability exists in Bitcoin Core and Bitcoin Knots. An attacker can exploit the vulnerability to cause a denial of service (application crash) with...

7.5 CVSS, 6.7 AI score, 0.53268 EPSS
Exploits: 1, References: 1
Cvelist
added 2018/04/12 3:0 p.m., 12 views

CVE-2018-9842

CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message...

5 AI score, 0.60885 EPSS
Exploits: 12, References: 7
n0where
added 2016/11/02 5:23 p.m., 16 views

High Throughput Fuzzer: Grr

High Throughput Fuzzer: GRR is an x86 to amd64 binary translator. GRR was created to emulate and fuzz DECREE challenge binaries. GRR was created for the DARPA Cyber Grand Challenge. Features: Code cache persistence avoids translation overheads across separate runs. Optimization of the code cache,...

1.5 AI score
Exploits: 0, References: 6
Prion
added 2014/09/05 5:55 p.m., 12 views

Code injection

Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network...

5.4 CVSS, 7.2 AI score, 0.00046 EPSS
Exploits: 0, References: 1, Affected Software: 2
Cvelist
added 2014/05/29 2:0 p.m., 15 views

CVE-2013-4178

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password (OTP)...

6.8 AI score, 0.00294 EPSS
Exploits: 0, References: 4
NVD
added 2012/07/26 10:55 p.m., 13 views

CVE-2012-3884

AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless network and then replaying the authentication data...

5 CVSS, 6.8 AI score, 0.00314 EPSS
Exploits: 1, References: 2
Cvelist
added 2010/11/12 9:0 p.m., 14 views

CVE-2010-3892

Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value...

6.4 AI score, 0.00609 EPSS
Exploits: 1, References: 4
OpenVAS
added 2008/09/04 12:0 a.m., 12 views

FreeBSD Security Advisory (FreeBSD-SA-07:09.random.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-07:09.random.asc. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

2.1 CVSS, 7 AI score, 0.00075 EPSS
Exploits: 1, References: 1