4525 matches found

RedHat Linux
added 2022/04/08 2:41 p.m. · 6 views

Mozilla: Use-after-free in NSSToken objects

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...

CVSS 6.5 · AI score 7.3 · EPSS 0.00917
Exploits: 1 · References: 4

RedHat Linux
added 2022/04/08 2:40 p.m. · 3 views

Mozilla: Use-after-free in NSSToken objects

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...

CVSS 6.5 · AI score 7.3 · EPSS 0.00917
Exploits: 1 · References: 4

ThreatPost
added 2022/03/29 2:2 p.m. · 173 views

Exchange Servers Speared in IcedID Phishing Campaign

The ever-evolving banking trojan IcedID is back again with a phishing campaign that uses previously compromised Microsoft Exchange servers to send emails that appear to come from legitimate accounts. Attackers also are using stealthy new payload-delivery tactics to spread the modular malware...

AI score 8.7
Exploits: 0 · References: 18

Veracode
added 2022/03/28 7:6 a.m. · 20 views

Denial Of Service (DoS)

libvirt.so is vulnerable to denial of service (DoS) attacks. A malicious user is able to cause an application crash via infinite iterations over virNWFilterObj instances because there is no protection to stop an unprivileged thread from concurrently modifying the driver->nwfilters object...

CVSS 4.3 · AI score 5.1 · EPSS 0.01024
Exploits: 0 · References: 5 · Affected Software: 2

Veracode
added 2022/03/10 4:20 a.m. · 21 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service. The vulnerability exists due to a use after free in the thread shutdown...

CVSS 6.5 · AI score 2.2 · EPSS 0.00554
Exploits: 1 · References: 3 · Affected Software: 4

GithubExploit
added 2022/03/10 3:16 a.m. · 521 views

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System

CVE-2022-24990-POC It’s just a poc; it’s not an exploit...

CVSS 9.8 · AI score 7.3 · EPSS 0.8405
Exploits: 9

UbuntuCve
added 2022/03/09 12:0 a.m. · 29 views

CVE-2022-26385

In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox 98...

CVSS 6.5 · AI score 6.8 · EPSS 0.00554
Exploits: 1 · References: 4

OSV
added 2022/03/09 12:0 a.m. · 1 views

UBUNTU-CVE-2022-26385

In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox 98...

CVSS 6.5 · AI score 7.3 · EPSS 0.00554
Exploits: 1 · References: 5

CNNVD
added 2022/03/08 12:0 a.m. · 4 views

Mozilla Firefox Resource Management Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a resource management error vulnerability that originates from a post-release reuse error during thread closure. A remote attacker can force a user to close the thread, trigger the post-release...

CVSS 6.5 · AI score 8.4 · EPSS 0.00554
Exploits: 1 · References: 12

Positive Technologies
added 2022/03/04 12:0 a.m. · 12 views

PT-2022-7477 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel's tipc component can cause a kernel panic when enabling a bearer on a node. This occurs due to a null-pointer dereference in the tipc mon prep...

CVSS 8.8 · AI score 6.6 · EPSS 0.0193
Exploits: 16 · References: 1647

RedHat Linux
added 2022/02/21 6:22 p.m. · 6 views

jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck, looping indefinitely until...

CVSS 7.5 · AI score 6.7 · EPSS 0.06873
Exploits: 0 · References: 5

CNVD
added 2022/02/17 12:0 a.m. · 23 views

Atlassian Jira Server ViewInstrumentation.jspa Cross-site Request Forgery Vulnerability

Atlassian Jira Service is the server version of an IT service desk and request tracking system from Atlassian Australia. The Atlassian Jira Server is vulnerable to cross-site request forgery, which stems from an application /secure/admin/ViewInstrumentation.jspa endpoint that does not adequately...

CVSS 4.3 · AI score 3.7 · EPSS 0.00469
Exploits: 0 · References: 1

ThreatPost
added 2022/02/15 10:31 p.m. · 152 views

SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming

SquirrelWaffle – the newish malware loader that first showed up in September – once again got its scrabbly little claws into an unpatched Microsoft Exchange server to spread malspam with its tried-and-true trick of hijacking email threads. That’s the same-old, same-old, as in, a SquirrelWaffle...

AI score 8.9
Exploits: 0 · References: 16

Vulnrichment
added 2022/02/15 2:40 a.m. · 13 views

CVE-2021-43953

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are befor...

AI score 7.4 · EPSS 0.00469
Exploits: 0 · References: 1

CNNVD
added 2022/02/15 12:0 a.m. · 4 views

Atlassian Jira Server and Data Center Cross-Site Request Forgery Vulnerability

Atlassian Jira Service is the server version of an IT service desk and request tracking system from Atlassian Australia. The Atlassian Jira Server is vulnerable to cross-site request forgery, which stems from an application /secure/admin/ViewInstrumentation.jspa endpoint that does not adequately...

CVSS 4.3 · AI score 5.4 · EPSS 0.00469
Exploits: 0 · References: 2

OSV
added 2022/02/11 9:15 p.m. · 4 views

DEBIAN-CVE-2022-23633

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to dat...

CVSS 5.9 · AI score 5.8 · EPSS 0.02207
Exploits: 0 · References: 1

Cvelist
added 2022/02/11 12:0 a.m. · 42 views

CVE-2022-23633 Exposure of sensitive information in Action Pack

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to dat...

CVSS 7.4 · AI score 7.6 · EPSS 0.02207
Exploits: 0 · References: 6

OSV
added 2022/02/10 12:20 a.m. · 5 views

GHSA-C582-C96P-R5CQ Memory exhaustion in Tensorflow

Impact: The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory:

    import tensorflow as tf
    y = tf.raw_ops.ThreadPoolHandle(num_threads=0x60000000, display_name='tf')

This is because the num_threads argument is only checked to not be...

CVSS 5.3 · AI score 5.8 · EPSS 0.00765
Exploits: 1 · References: 7

Tenable Nessus
added 2022/02/09 12:0 a.m. · 70 views

AlmaLinux 8 : glibc (ALSA-2021:4358)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4358 advisory. - The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash d...

CVSS 9.8 · AI score 7.2 · EPSS 0.02898
Exploits: 1 · References: 4

Fedora
added 2022/02/04 1:23 a.m. · 31 views

[SECURITY] Fedora 34 Update: rust-thread_local-1.1.4-1.fc34

Per-object thread-local storage...

CVSS 7.3 · AI score 1.3 · EPSS 0.01376
Exploits: 1