Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)

Microsoft Windows - AppX Deployment Service Local Privilege Escalation 3 CVE-2019-0841 BYPASS 2 There is a second bypass for CVE-2019-0841. This can be triggered as following: Delete all files and subfolders within "c:\users%username%\appdata\local\packages\Microsoft.MicrosoftEdge8wekyb3d8bbwe"...

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3) Exploit

Exploit for windows platform in category local exploits Microsoft Windows - AppX Deployment Service Local Privilege Escalation 3 CVE-2019-0841 BYPASS 2 There is a second bypass for CVE-2019-0841. This can be triggered as following: Delete all files and subfolders within...

The vulnerability of the thread_list_mutex function in the advanced TFTP server Atftpd, related to the assignment of the NULL pointer, allows a hacker to trigger a service failure.

The vulnerability of the threadlistmutex function in the advanced TFTP server Atftpd is related to the lack of mutex locking before assigning a data structure. Exploiting this vulnerability allows an attacker who operates remotely to cause service interruptions...

Mozilla: Use-after-free in XMLHttpRequest

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

[SECURITY] Fedora 29 Update: rust-1.34.2-1.fc29

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

[SECURITY] Fedora 30 Update: rust-1.34.2-1.fc30

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

Design/Logic Flaw

Kernel can write to arbitrary memory address passed by user while freeing/stopping a thread in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCS605, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SM7150, SXR1130...

CVE-2019-2250

Kernel can write to arbitrary memory address passed by user while freeing/stopping a thread in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCS605, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SM7150, SXR1130...

Mozilla: Use-after-free in XMLHttpRequest

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

Mozilla Firefox Memory Misreference Vulnerability (CNVD-2019-17486)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A resource management error vulnerability exists in AssertWorkerThread in versions prior to Mozilla Firefox 67, which arises from a mismanagement of system resources e.g., memory, disk space, files, et...

UBUNTU-CVE-2019-9821

A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox 67...

UBUNTU-CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

Intel official for 5 on 15, the aeration out of the CPU side channel vulnerabilities“ZombieLoad”detailed technical analysis of under-vulnerability warning-the black bar safety net

Buffer override of the program sequence In the absence of enumeration MDCLEAR functions of the processor, certain instruction sequences can be used for cover by the MDS affect the buffer. You can point this, a detailed review of these sequences. Different processors may require different sequence...

PT-2019-6810 · Chicken +1 · Chicken +1

Name of the Vulnerable Software and Affected Versions: Chicken versions prior to 4.8.0.1 Description: The issue is related to a buffer overflow in the thread scheduler, which can be triggered by opening a file descriptor with a large integer value. This can cause a denial of service, resulting in...

Apache Tomcat 8.5.x < 8.5.41 DoS Vulnerability

Binary data 700697.pasl...

KLA11571 DoS vulnerability in Apache Tomcat

Thread exhaustion vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to cause denial of service. Original advisories Apache Tomcat 9.x Security Vulnerabilities Apache Tomcat 8.x Security Vulnerabilities Related products Apache-Tomcat CVE list CVE-2019-10072...

CVE-2019-5675

NVIDIA Windows GPU Display driver software for Windows all versions contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior a...

wildfly: wrong SecurityIdentity for EE concurrency threads that are reused

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread with that security identity. As these threads do not necessarily terminate if the 'keep alive' time has not expired, this could allow a shared thread to use the wrong securit...

wildfly: wrong SecurityIdentity for EE concurrency threads that are reused

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread with that security identity. As these threads do not necessarily terminate if the 'keep alive' time has not expired, this could allow a shared thread to use the wrong securit...

Important: kernel

Issue Overview: - Microarchitectural Store Buffer Data Sampling MSBDS CVE-2018-12126 - Microarchitectural Fill Buffer Data Sampling MFBDS CVE-2018-12130 - Microarchitectural Load Port Data Sampling MLPDS CVE-2018-12127 - Microarchitectural Data Sampling Uncacheable Memory MDSUM CVE-2019-11091...