Lucene search

7411 matches found

CVE
added 2024/03/25 9:7 a.m., 88 views

CVE-2021-47145

CVE-2021-47145 affects the Linux kernel (btrfs) where a BUG_ON in link_to_fixup_dir can trigger a kernel panic during error paths in log recovery. The description shows a replay/recover flow (replay_one_buffer, btrfs_recover_log_trees, open_ctree) panicking with an invalid opcode in fs/btrfs/tree...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00271
Exploits: 0, References: 8, Affected Software: 1
Debian CVE
added 2024/03/25 9:7 a.m., 17 views

CVE-2021-47145

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 1 SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ 305...

CVSS: 5.5, AI score: 7, EPSS: 0.00271
Exploits: 0
CNNVD
added 2024/03/25 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a security vulnerability that stems from a kernel panic caused during injection testing...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00271
Exploits: 0, References: 11
UbuntuCve
added 2024/03/25 12:0 a.m., 21 views

CVE-2021-47145

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 1 SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ 305...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00271
Exploits: 0, References: 11
Fedora
added 2024/03/23 12:49 a.m., 51 views

[SECURITY] Fedora 40 Update: python3.6-3.6.15-27.fc40

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

CVSS: 9.8, AI score: 7.3, EPSS: 0.27095
Exploits: 3
OSV
added 2024/03/22 11:15 p.m., 3 views

PYSEC-2024-257

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00712
Exploits: 1, References: 4
OSV
added 2024/03/22 10:12 p.m., 34 views

CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00712
Exploits: 1, References: 5
Malwarebytes
added 2024/03/22 6:43 p.m., 21 views

Canada revisits decision to ban Flipper Zero

In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesn't...

AI score: 7.2
Exploits: 0
GithubExploit
added 2024/03/19 10:23 p.m., 737 views

Exploit for OS Command Injection in Progress Loadmaster

CVE-2024-1212 Command Injection Exploit for Kemp LoadMaster 🛡️...

CVSS: 10, AI score: 10, EPSS: 0.95388
Exploits: 9
OSV
added 2024/03/19 8:6 p.m., 43 views

GHSA-PMF3-C36M-G5CF Container escape at build time

Impact What kind of vulnerability is it? Who is impacted? Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed. Patches From @nalind cat...

CVSS: 8.6, AI score: 8.7, EPSS: 0.0049
Exploits: 0, References: 7
Github Security Blog
added 2024/03/19 8:6 p.m., 54 views

Container escape at build time

Impact What kind of vulnerability is it? Who is impacted? Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed. Patches From @nalind cat...

CVSS: 8.6, AI score: 8.5, EPSS: 0.0049
Exploits: 0, References: 7, Affected Software: 1
GithubExploit
added 2024/03/19 1:45 p.m., 319 views

Exploit for Out-of-bounds Write in Haxx Libcurl

CVE-2023-38545: Curl Vulnerability Proof of Concept This repos...

CVSS: 9.8, AI score: 8.1, EPSS: 0.78483
Exploits: 6
BDU FSTEC
added 2024/03/18 12:0 a.m., 1 views

The vulnerability of the software for X-Rite’s MAT 6 Kohinoor spectrometer arises from insufficient testing of input data. This vulnerability allows attackers to compromise the confidentiality, integrity, and availability of the protected information.

The software vulnerability of the X-Rite MAT 6 Kohinoor spectrometer exists due to insufficient testing of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...

CVSS: 6.5, AI score: 5.5
Exploits: 0, References: 2, Affected Software: 1
BDU FSTEC
added 2024/03/18 12:0 a.m., 2 views

The vulnerability of the Kiwi TCMS testing system lies in the lack of measures to protect the website structure. This allows attackers to upload arbitrary attachments to testing plans and test scenarios.

The vulnerability of the Kiwi TCMS testing system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to upload arbitrary attachments to testing plans and test scenarios...

CVSS: 9.4, AI score: 6.6, EPSS: 0.0087
Exploits: 1, References: 6, Affected Software: 1
BDU FSTEC
added 2024/03/18 12:0 a.m., 2 views

The vulnerability of the Kiwi TCMS testing system lies in its ability to allow unlimited loading of dangerous types of files. This allows attackers to upload arbitrary attachments to testing plans and test scenarios.

The vulnerability of the Kiwi TCMS testing system lies in its ability to load files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to upload arbitrary attachments to testing plans and test scenarios remotely...

CVSS: 9.4, AI score: 6.6, EPSS: 0.00586
Exploits: 1, References: 7, Affected Software: 1
GithubExploit
added 2024/03/15 1:1 p.m., 586 views

Exploit for Unrestricted Upload of File with Dangerous Type in Openeclass

Open eClass RCE Exploit Tool This tool is designed to exploit...

CVSS: 9.1, AI score: 9.8, EPSS: 0.01131
Exploits: 2
Spring Security Advisories
added 2024/03/15 12:0 a.m., 14 views

Hypermedia and Browser Enhancement

Front end development these days is dominated by large JavaScript client side frameworks. There are plenty of good reasons for that, but it can be very inefficient for many use cases, and the framework engineering has become extremely complex. In this article, I want to explore a different...

AI score: 6.9
Exploits: 0
Citrix
added 2024/03/14 12:0 a.m., 7 views

Microsoft Security Update Validation Report March 2024

Microsoft’s March 2024 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...

AI score: 7
Exploits: 0
BDU FSTEC
added 2024/03/14 12:0 a.m., 2 views

The vulnerability of Microsoft Visual Studio, a software development tool, and the .NET software platform lies in the lack of adequate testing of input data. This allows attackers to trigger service failures.

The vulnerability of Microsoft Visual Studio, a software development tool, and the .NET software platform exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to cause system failures...

CVSS: 7.8, AI score: 7.2, EPSS: 0.03065
Exploits: 0, References: 5, Affected Software: 3
OSV
added 2024/03/11 6:15 p.m., 2 views

DEBIAN-CVE-2023-52490

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00276
Exploits: 0, References: 1