CVE-2023-3218 Race Condition within a Thread in it-novum/openitcockpit

Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5...

OpenITCOCKPIT 安全漏洞

It-novum OpenITCOCKPIT is an open source set of system monitoring tools from It-novum, Germany. A security vulnerability exists in OpenITCOCKPIT versions prior to 4.6.5 that stems from the presence of a race condition within a thread...

Denial Of Service (DoS)

github.com/sigstore/rekor is vulnerable to Denial of Service DoS attacks. A malicious user is able to submit a malformed intoto/v0.0.2 type, resulting in a thread panic resulting in the client receiving a 500 error message and eventually recovering the thread...

Medium: curl

Issue Overview: The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the...

Thread Counter Overflow

Xen is vulnerable to a Thread Counter Overflow. The vulnerability arises from the mishandling of guest SSBD Speculative Store Bypass Disable selection on AMD hardware. This mishandling enables a guest to underflow or overflow the thread counter. Each write to VIRTSPECCTRL.SSBD by the guest is...

Basecamp: Spam & Clearance checks disabled with existing referenced Message-ID

A vulnerability in the inbound email processing allowed crafted emails to bypass spam filtering and The Screener when they appeared to be in reply to an existing thread...

Friday Squid Blogging: Squid Chromolithographs

Beautiful illustrations. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. EDITED TO ADD 6/4: Slashdot thread...

CVE-2023-25730

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVE-2023-25730

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

DEBIAN-CVE-2023-25730

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVE-2023-25730

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVE-2023-25730

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CBL Mariner 2.0 Security Update: kernel (CVE-2023-1998)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-1998 advisory. - The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL...

Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks

An analysis of the "evasive and tenacious" malware known as QBot has revealed that 25% of its command-and-control C2 servers are merely active for a single day. What's more, 50% of the servers don't remain active for more than a week, indicating the use of an adaptable and dynamic C2...

Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks

An analysis of the "evasive and tenacious" malware known as QBot has revealed that 25% of its command-and-control C2 servers are merely active for a single day. What's more, 50% of the servers don't remain active for more than a week, indicating the use of an adaptable and dynamic C2...

Race condition

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archivewritediskposix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...

CVE-2023-33199

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...

Design/Logic Flaw

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...

CVE-2023-33199

CVE-2023-33199 concerns Rekor: a malformed proposed entry of the intoto/v0.0.2 type can cause a panic in a Rekor thread. The thread is recovered and the process returns a 500 error, with availability impact described as minimal. A fix is available in Rekor v1.2.0, and upgrade is advised. The conn...

CVE-2023-33199

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...