Kernel: vhost_net: infinite loop while receiving packets leads to DoS

An infinite loop issue was found in the vhostnet kernel module while handling incoming packets in handlerx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhostnet kernel thread,...

Kernel: vhost_net: infinite loop while receiving packets leads to DoS

An infinite loop issue was found in the vhostnet kernel module while handling incoming packets in handlerx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhostnet kernel thread,...

CVE-2012-6122

Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service crash by opening a file descriptor with a large integer value...

DEBIAN-CVE-2012-6122

Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service crash by opening a file descriptor with a large integer value...

Buffer overflow

Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service crash by opening a file descriptor with a large integer value...

CVE-2012-6122

CVE-2012-6122 is a buffer overflow in the thread scheduler of the Chicken Scheme runtime. The flaw allows an attacker to trigger a crash/DoS by opening a file descriptor with a large integer value. The issue affects Chicken releases up to and including 4.8.0.1, with related follow-ons noted (CVE-...

The vulnerability of the PM_V3!CTagInfoThreadBase function in the WebAccess HMI Designer software allows a attacker to cause a service failure.

The vulnerability of the PMV3!CTagInfoThreadBase function GetNICInfo+0x0000000000512918 in the software for developing and managing HMI applications of WebAccess HMI Designer is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a...

FreeBSD : FreeBSD -- kernel memory disclosure from /dev/midistat (5027b62e-f680-11e9-a87f-a4badb2f4699)

The kernel driver for /dev/midistat implements a handler for read2. This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. Impact : The races allow a program to read...

PT-2019-14891 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions up to 4.5.7 Description: The issue concerns the use of an unsanitized contact uuid variable in the file appmessagesmessages thread.php, which is reflected in HTML on three occasions, leading to a cross-site scripting XSS...

The vulnerability of the mkv::event_thread_t() function in the VideoLAN VLC media player software allows a attacker to compromise data integrity, gain unauthorized access to protected information, and cause service failures.

The vulnerability of the mkv::eventthreadt function in the VideoLAN VLC media player software is related to a buffer overflow attack. Exploiting this vulnerability could allow an attacker to compromise data integrity, gain unauthorized access to protected information, and even cause service...

CVE-2019-3894

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread with that security identity. As these threads do not necessarily terminate if the 'keep alive' time has not expired, this could allow a shared thread to use the wrong securit...

September 24, 2019 — KB4515839 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607

September 24, 2019 — KB4515839 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 Release Date: September 24, 2019 Version: .NET Framework 4.8 The September 24, 2019, update for Windows 10, version 1607 includes cumulative reliability improvements in Microsoft .NET Framework 4....

September 24, 2019 — KB4515842 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1803

September 24, 2019 — KB4515842 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1803 Release Date: September 24, 2019 Version: .NET Framework 4.8 The September 24, 2019, update for Windows 10, version 1803 includes cumulative reliability improvements in Microsoft .NET Framework 4....

September 24, 2019 — KB4515840 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1703

September 24, 2019 — KB4515840 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1703 Release Date: September 24, 2019 Version: .NET Framework 4.8 The September 24, 2019, update for Windows 10, version 1703 includes cumulative reliability improvements in Microsoft .NET Framework 4....

Tracking by Smart TVs

Long Twitter thread about the tracking embedded in modern digital televisions. The thread references three academic papers...

ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shellcode Into A Standard Win32 Application

Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. With Thread Hijacking, it allows the hijacker.exe program to suspend a thread within the target.exe program allowing us to write shellcode to a thread. Usage int main System sys; Interceptor incp; Exceptio...

OPENSUSE-SU-2019:2221-1 Security update for varnish

This update for varnish fixes the following issues: Security issue fixed: - CVE-2019-15892: Fixed a potential denial of service by sending crafted HTTP/1 requests boo1149382. Non-security issues fixed: - Updated the package to release 6.2.1. - Added a thread pool watchdog which will restart the...

openSUSE: Security Advisory for varnish (openSUSE-SU-2019:2184-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : varnish (openSUSE-2019-2184)

This update for varnish fixes the following issues : Security issue fixed : - CVE-2019-15892: Fixed a potential denial of service by sending crafted HTTP/1 requests boo1149382. Non-security issues fixed : - Updated the package to release 6.2.1. - Added a thread pool watchdog which will restart th...

OPENSUSE-SU-2019:2184-1 Security update for varnish

This update for varnish fixes the following issues: Security issue fixed: - CVE-2019-15892: Fixed a potential denial of service by sending crafted HTTP/1 requests boo1149382. Non-security issues fixed: - Updated the package to release 6.2.1. - Added a thread pool watchdog which will restart the...