jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...

Race condition

Race Condition within a Thread vulnerability in iscsisnapshotcommcore in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests...

CVE-2021-26569

Race Condition within a Thread vulnerability in iscsisnapshotcommcore in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests...

The vulnerability of Intel Graphics Driver drivers, related to errors in managing the execution thread, allows attackers to gain increased privileges.

The vulnerability of Intel Graphics Drivers’ drivers is related to errors in managing the execution thread. Exploiting this vulnerability can allow attackers to gain increased privileges...

glibc bug fix and enhancement update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Bug Fixes and Enhancement...

CVE-2021-22303

There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising...

CVE-2021-22303

There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising...

Double free

There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising...

CVE-2021-22303

The CVE-2021-22303 entry concerns Huawei Taurus-AL00A smartphone running 10.0.0.1 (C00E1R1P1). The vulnerability is a pointer double free caused by lack of multi-thread reentry protection when a function is called, potentially enabling a crash of the affected module and disruption of normal servi...

Friday Squid Blogging: Live Giant Squid Found in Japan

A giant squid was found alive in the port of Izumo, Japan. Not a lot of news, just this Twitter thread with a couple of videos. If confirmed, I believe this will be the THIRD time EVER a giant squid was filmed alive! As usual, you can also use this squid post to talk about the security stories in...

OESA-2021-1031 freeradius security update

Remote Authentication Dial-In User Service RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting AAA or Triple A management for users who connect and use a network service.\r\n\r\n Security Fixes:\r\n\r\n In FreeRADIUS 3.0 through 3.0.19, on avera...

Huawei Taurus-AL00A 资源管理错误漏洞

The Huawei Taurus-AL00A is a smartphone from the Chinese company Huawei Huawei. A security vulnerability exists in Huawei Taurus-AL00A version 10.0.0.1 C00E1R1P1. The vulnerability stems from the program not setting multi-thread reentry protection when calling a function. An attacker can exploit...

CVE-2021-21293

blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a...

Moderate: Red Hat Security Advisory: glibc security and bug fix update

An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Web-Brutator - Modular Web Interfaces Bruteforcer

Fast Modular Web Interfaces Bruteforcer Install python3 -m pip install -r requirements.txt Usage $ python3 web-brutator.py -h . / \ / \ \ | \ \ / | / | \ // // | \ | | /\ \ | \ \ \ \ / \ \ \ /\ /| \ \ // | | \ | | / | /| | / | | | / /\ / \ / | / || |/ || /| /|| / / / / / Version 0.2...

MyBB Thread Redirect 0.2.1 Cross Site Scripting

Exploit Title: MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting Date: 7/23/2018 Author: 0xB9 Software Link: https://github.com/jamiesage123/Thread-Redirect Version: 0.2.1 Tested on: Windows 10 1. Description: This plugin allows threads to redirect to a URL with optional custom text. The...

Huawei Taurus-AL00A Pointer Double Release Vulnerability

The Huawei Taurus-AL00A is a smartphone from the Chinese company Huawei Huawei. A security vulnerability exists in Huawei Taurus-AL00A version 10.0.0.1 C00E1R1P1. The vulnerability stems from the program not setting multi-thread reentry protection when calling a function. An attacker can exploit...

MyBB Hide Thread Content Plugin 1.0 - Information Disclosure

Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure Date: 1/27/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1430 Version: 1.0 Tested on: Windows 10 CVE: CVE-2021-3337 1. Description: This plugin...

MyBB Hide Thread Content 1.0 Information Disclosure

Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure Date: 1/27/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1430 Version: 1.0 Tested on: Windows 10 CVE: CVE-2021-3337 1. Description: This plugin...

CVE-2021-3337

The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit...