Mozilla Firefox Security Advisory (MFSA2015-53) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Mozilla: Use-after-free in HTTP2 Session object

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...

Mozilla: Use-after-free in HTTP2 Session object

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...

glibc: mq_notify does not handle separately allocated thread attributes

The mqnotify function in the GNU C Library aka glibc has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly unspecified other impact...

glibc security, bug fix, and enhancement update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries libc, POSIX thread librarie...

[SECURITY] Fedora 35 Update: rust-1.56.1-1.fc35

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

Mozilla: Use-after-free in HTTP2 Session object

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...

Mozilla: Use-after-free in HTTP2 Session object

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...

Mozilla: Use-after-free in HTTP2 Session object

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...

FortiPortal - Improper thread synchronization for database operations

A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' CWE-362 in the customer database interface of FortiPortal may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...

Python 3.2.x < 3.2.6, 3.3.x < 3.3.6, 3.4.x < 3.4.1 os.makedirs() not thread-safe (bpo-21082) - Linux

Python is prone to a local security bypass vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

ThreadStackSpoofer - PoC For An Advanced In-Memory Evasion Technique Allowing To Better Hide Injected Shellcode'S Memory Allocation From Scanners And Analysts

A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory. Intro This is an example implementation for Thread Stack Spoofing technique...

CVE-2021-0652

In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

UVI-2021-1001746 xen/balloon: use a kernel thread instead a workqueue

xen/balloon: use a kernel thread instead a workqueue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.9 by commit...

UVI-2021-1001665 xen/balloon: use a kernel thread instead a workqueue

xen/balloon: use a kernel thread instead a workqueue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.70 by commit...

GSD-2021-1001608 xen/balloon: use a kernel thread instead a workqueue

xen/balloon: use a kernel thread instead a workqueue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.150 by commit...

GSD-2021-1001571 xen/balloon: use a kernel thread instead a workqueue

xen/balloon: use a kernel thread instead a workqueue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.209 by commit...

UVI-2021-1001571 xen/balloon: use a kernel thread instead a workqueue

xen/balloon: use a kernel thread instead a workqueue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.209 by commit...

UVI-2021-1001543 xen/balloon: use a kernel thread instead a workqueue

xen/balloon: use a kernel thread instead a workqueue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.249 by commit...

CVE-2021-21941

A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution...