SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2021:3290-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3290-1 advisory. - The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification...

Jetty 9.4.27 < 9.4.30 Buffer Overflow

The version of Jetty installed on the remote host when handling too large response headers throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two...

SUSE-RU-2021:14818-1 Recommended update for mozilla-nspr, mozilla-nss

This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: implement new socket option PRSockOptDontFrag support larger DNS records by increasing the default buffer size for DNS queries Lock access to PRCallOnceType members in PRCallOnce for thread safety...

LittleCorporal - A C# Automated Maldoc Generator

LittleCorporal: A C Automated Maldoc Generator C:\LittleCorporal\bin\ReleaseLittleCorporal.exe C:\beacon.bin explorer.exe . . . . | | ||/ |/ || | \ \ | | | | | \ \ \ | / / \ / / \ \ \ / \ \ \ | | | || || | | | | |\ /\ \ | / | | // | | | ||| || |/\ \ //|| | / /|| // / / / || / / \ / o\ /...

Heap-based Buffer Overflow in mruby/mruby

Description Heap buffer overflow on mrb-vm-exec Proof of Concept // poc.rb 1.timesuntil% ;break Result ./mruby poc.rb ================================================================= ==1451==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000023d9 at pc 0x55b2fc3f1046 bp...

Microsoft Windows cmd.exe - Stack Buffer Overflow Vulnerability

Title: Microsoft Windows cmd.exe - Stack Buffer Overflow Author: John Page aka hyp3rlinx Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CMD.EXE-STACK-BUFFER-OVERFLOW.txt ISR: ApparitionSec Vendor www.microsoft.com Product cmd.exe is the default command-line interpreter for t...

Mozilla Rust Command Injection Vulnerability (CNVD-2021-85290)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that could be exploited by attackers to send non-thread-safe EntityStore and ComponentStores across threads and cause data contention...

Mozilla Rust Buffer Overflow Vulnerability (CNVD-2021-85294)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a buffer overflow vulnerability, which can be exploited by attackers to unlock a mutex lock from an unlocked thread, leading to memory corruption...

SUSE-RU-2021:3115-2 Recommended update for mozilla-nspr, mozilla-nss

This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: implement new socket option PRSockOptDontFrag support larger DNS records by increasing the default buffer size for DNS queries Lock access to PRCallOnceType members in PRCallOnce for thread safety...

SUSE-RU-2021:3116-1 Recommended update for mozilla-nspr, mozilla-nss

This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: implement new socket option PRSockOptDontFrag support larger DNS records by increasing the default buffer size for DNS queries Lock access to PRCallOnceType members in PRCallOnce for thread safety...

SUSE-RU-2021:3115-1 Recommended update for mozilla-nspr, mozilla-nss

This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: implement new socket option PRSockOptDontFrag support larger DNS records by increasing the default buffer size for DNS queries Lock access to PRCallOnceType members in PRCallOnce for thread safety...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-2374)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP2 : libwebp (EulerOS-SA-2021-2403)

According to the versions of the libwebp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this...

Panics as error-handling

Handle nascent Vulnerability details H-04 Panics as error-handling Severity: High Likelihood: Medium The use of .unwrap, expect, and assert! should be limited to tests, compile-time assertions e.g. consts, and configuration checks. Panicks are at the thread level, so stopping one thread...

Moderate: Red Hat Security Advisory: glibc security and bug fix update

An update for glibc is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact...

Data races in unicycle

Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...

GHSA-7MG7-M5C3-3HQJ Data races in unicycle

Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...

GHSA-GQ4H-F254-7CW9 Duplicate Advisory: Data races in ticketed_lock

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-77m6-x95j-75r5. This link is maintained to preserve external references. Original Description Affected versions of this crate unconditionally implemented Send for ReadTicket & WriteTicket. This allows to send...

Duplicate Advisory: Data races on syncpool

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vp6r-mrq9-8f4h. This link is maintained to preserve external references. Original Description Affected versions of this crate unconditionally implements Send for Bucket2. This allows sending non-Send types to...

GHSA-R88H-6987-G79F Duplicate Advisory: Data races on syncpool

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vp6r-mrq9-8f4h. This link is maintained to preserve external references. Original Description Affected versions of this crate unconditionally implements Send for Bucket2. This allows sending non-Send types to...