CVE-2020-10067 Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the...

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

Affected versions of the crate used a UnsafeCell in thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread. This resulted in a segmentation fault crash if Waker::wakebyref was called on a waker returned from another thread du...

RUSTSEC-2020-0061 futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

Affected versions of the crate used a UnsafeCell in thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread. This resulted in a segmentation fault crash if Waker::wakebyref was called on a waker returned from another thread du...

EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2020-1542)

According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated we...

CVE-2019-3837

It was found that the netdma code in tcprecvmsg in the RHEL6 kernel is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg for the same network socket in parallel executed on ioatdma-enabled hardware with netdma enabled can leak the memory, crash the host leadin...

New Imperva Framework: Accelerating the development of large scale solutions with “Stepping”

Handling large amounts of data at scale is a common task in the high-tech industry nowadays. To address this challenge many frameworks have been developed and made publicly available such as distributed messaging queues, distributed databases, lightweight protocols and caching servers, among...

Git-Hound v1.1 - GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System

A batch-catching, pattern-matching, patch-attacking secret snatcher. GitHound pinpoints exposed API keys and other sensitive information on GitHub using pattern matching, commit history searching, and a unique result scoring system. GitHound has earned me over $7500 applied to Bug Bounty research...

CVE-2019-12400

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

CVE-2020-4325

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the...

Design/Logic Flaw

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the...

CVE-2020-4325

CVE-2020-4325 affects IBM Process Federation Server and IBM Automation Workstream Services in Cloud Pak for Automation. The root cause is improper shutdown of thread pools used to retrieve Global Teams information, causing JVM memory to be unrecoverable and leading to OutOfMemory errors when the ...

Q&A: Insights from the Red Canary 2020 Threat Detection Report

In light of the latest update to the MITRE ATT&CK framework, Red Canary has developed a Threat Detection Report uncovering the top techniques attackers use to target your organization. To understand the significance of the report, we turned to two of VMware Carbon Black’s top threat experts, Greg...

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

maltrail

Maltrail is a malicious traffic detection system that utilizes publicly available blacklists containing malicious and/or generally suspicious trails. It also uses optional advanced heuristic mechanisms to help in discovery of unknown threats. The system can be configured to ignore certain events...