GHSA-M72M-MHQ2-9P6C Uncaught Exception in jsoup

Impact What kind of vulnerability is it? Who is impacted? Those using jsoup to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until cancelled, to comple...

Brutus - An Educational Exploitation Framework Shipped On A Modular And Highly Extensible Multi-Tasking And Multi-Processing Architecture

An educational exploitation framework shipped on a modular and highly extensible multi-tasking and multi-processing architecture. Brutus: an Introduction Looking for version 1? See the branches in this repository. Brutus is an educational exploitation framework written in Python. It automates pre...

CLSA-2021-1629395067 Fix of CVE: CVE-2021-33574, CVE-2021-35942, CVE-2021-38604

Adopt pthreadattrcopy functionality, test case is included - CVE-2021-33574: avoid use-after-free vulnerability - CVE-2021-35942: avoid out-of-bounds read via signed integer overflow in array index - CVE-2021-38604: considered. No NULL pointer dereference is possible...

CVE-2021-37714

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

CVE-2021-37714

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

AZL-7253 CVE-2021-37714 affecting package jsoup 1.11.3-3

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

CVE-2021-37714

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

CVE-2021-37714 Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

PT-2021-7917

Name of the Vulnerable Software and Affected Versions jsoup versions prior to 1.14.2 Description The issue is related to the parsing of untrusted HTML or XML, which may cause the parser to get stuck, complete more slowly than usual, or throw an unexpected exception, potentially supporting a denia...

OpenSSL: TLS Ephemeral ECDH Crashes (20110906) - Windows

OpenSSL is prone to TLS ephemeral ECDH crashes. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OpenSSL: TLS Ephemeral ECDH Crashes (20110906) - Linux

OpenSSL is prone to TLS ephemeral ECDH crashes. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Cobalt Strike Vulnerability Affects Botnet Servers

Cobalt Strike is a security tool, used by penetration testers to simulate network attackers. But its also used by attackers -- from criminals to governments -- to automate their own attacks. Researchers have found a vulnerability in the product. The main components of the security tool are the...

stalld bug fix and enhancement update

stalld package provides a mechanism used to prevent the starvation of operating system threads in a Linux system. Bug fixes: stalld: buffer overflow when specifying cpu-list rhel-8.4.0.z BZ1955523...

CVE-2021-36798

A Denial-of-Service DoS vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-2295)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-38191

An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread...

Design/Logic Flaw

An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread...

CVE-2021-38191

An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread...

CVE-2021-38191

An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread...

CVE-2021-38191

CVE-2021-38191 concerns the tokio crate (pre-1.8.1) for Rust. The issue occurs when calling JoinHandle::abort: a Task may be dropped in the wrong thread, which, as discussed in related advisories, can create race conditions—especially for tasks that rely on thread-affine constructs like Rc or Ref...