4499 matches found
CVE-2020-10718
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is ...
CVE-2020-10718
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is ...
PT-2020-12297 · Red Hat · Wildfly
Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 13.0.0.Final Description: A flaw was found in the embedded managed process API, where the Thread Context Classloader TCCL setting is exposed as a public method. This exposure can bypass the security manager, posing a...
Linux expand_downwards() / munmap() Race Condition Exploit
Linux =4.20: expanddownwards can race with munmap page table freeing Since 4.20, domunmap downgrades the mmapsem from write-locked to read-locked after detaching the VMAs from the mmstruct, but before dropping references to pages and freeing page tables. This ought to be safe because VMA tree...
libsndfile:sndfile_fuzzer: Nested bug in the same thread, aborting. with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5087344745775104 Project: libsndfile Fuzzing Engine: libFuzzer Fuzz Target: sndfilefuzzer Job Type: libfuzzermsanlibsndfile Platform Id: linux Crash Type: Nested bug in the same thread, aborting. Crash Address: Crash State: NULL Sanitizer: memory...
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...
PT-2021-12654 · Freebsd +1 · Freebsd +2
Name of the Vulnerable Software and Affected Versions: FreeBSD versions 11.3-RELEASE through 11.3-RELEASE before p13 FreeBSD versions 11.4-RELEASE through 11.4-RELEASE before p3 FreeBSD versions 12.1-RELEASE through 12.1-RELEASE before p9 FreeBSD versions 11.4-STABLE through 11.4-STABLE before...
Multiple security issues including data race, buffer overflow, and uninitialized memory drop
arr crate contains multiple security issues. Specifically, 1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary. 2. Index and IndexMut implementation does not check the array bound. 3. Array::newfromtemplate drops uninitialized memo...
Zulip Server Reverse Tag Kidnapping Vulnerability
Zulip is a powerful open source group chat application that combines the immediacy of live chat with the productivity benefits of threaded conversations.Zulip Server is the Zulip server. A reverse tag kidnapping vulnerability exists in Zulip Server versions prior to 2.1.5. An attacker can exploit...
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader TCCL. This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...
Drovorub Malware
The NSA and FBI have jointly disclosed Drovorub, a Russian malware suite that targets Linux. Detailed advisory. Fact sheet. News articles. Reddit thread...
SUSE SLES12 Security Update : libvirt (SUSE-SU-2020:2233-1)
This update for libvirt fixes the following issues : CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. - bsc1161883, bsc1174458 qemu: Setup emulator thread and cpuset.mems before exec - bsc1171946 libxl:...
CVE-2020-14483
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security Versions 2.4.31, 2.4.45, 4.8.0.35 to corre...
CVE-2020-14483
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security Versions 2.4.31, 2.4.45, 4.8.0.35 to corre...