522 matches found
Hasura GraphQL 1.3.3 - Denial of Service
Exploit Title: Hasura GraphQL 1.3.3 - Denial of Service Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import sys import requests import threading HASURASCHEME = 'http' HASURAHOST = '192.168.1.1...
glFTPd 2.11a - Remote Denial of Service Exploit
Exploit Title: glFTPd 2.11a - Remote Denial of Service Exploit Author: xynmaps Vendor Homepage: https://glftpd.io/ Software Link: https://glftpd.io/files/glftpd-LNX-2.11a1.1.1kx64.tgz Version: 2.11a Tested on: Parrot Security OS 5.9.0 ------------------------------- encoding=utf8 author =...
glFTPd 2.11a - Remote Denial of Service
Exploit Title: glFTPd 2.11a - Remote Denial of Service Date: 15/05/2021 Exploit Author: xynmaps Vendor Homepage: https://glftpd.io/ Software Link: https://glftpd.io/files/glftpd-LNX-2.11a1.1.1kx64.tgz Version: 2.11a Tested on: Parrot Security OS 5.9.0 ------------------------------- encoding=utf8...
[SECURITY] Fedora 34 Update: suricata-6.0.2-1.fc34
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
[SECURITY] Fedora 32 Update: suricata-5.0.6-1.fc32
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
[SECURITY] Fedora 33 Update: suricata-5.0.6-1.fc33
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
OESA-2021-1037 gssproxy security update
This is a proxy for GSSAPI which deals with credential handling. Security Fixes: DISPUTED gssproxy aka gss-proxy before 0.8.3 does not unlock condmutex before pthread exit in gpworkermain in gpworkers.c. NOTE: An upstream comment states "We are already on a shutdown path when...
[SECURITY] Fedora 33 Update: mutt-2.0.5-1.fc33
Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting group...
USN-4703-1: Mutt vulnerability
It was discovered that Mutt incorrectly handled certain email messages. An attacker could possibly use this issue to cause a denial of service...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407,CVE-2020-1967,CVE-2018-0734,CVE-2019-1563,CVE-2019-1549,CVE-2019-1552,CVE-2019-1559,CVE-2018-0735)
Summary There is a security advisory for openSSL1.0.2p which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to...
Pure-FTPd 1.0.48 - Remote Denial of Service
Exploit Title: Pure-FTPd 1.0.48 - Remote Denial of Service Date: 2020. nov. 26., 09:32:17 CET Exploit Author: xynmaps Vendor Homepage: https://www.pureftpd.org/project/pure-ftpd/ Software Link: https://github.com/jedisct1/pure-ftpd/ Version: 1.0.48 Tested on: Parrot Security OS 5.9.0 encoding=utf...
Potential segfault in `localtime_r` invocations
Impact Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library...
CVE-2020-11173
Two threads running simultaneously from user space can lead to race condition in fastRPC driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wir...
TASER - Python3 Resource Library For Creating Security Related Tooling
TASER (Testing And SEcurity Resource) is a Python resource library used to simplify the process of creating offensive security tooling, especially those relating to web or external assessments. Its modular design makes it easy for code to be customized and re-purposed in a variety of scenario...
[SECURITY] Fedora 31 Update: suricata-4.1.9-1.fc31
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
[SECURITY] Fedora 32 Update: suricata-5.0.4-1.fc32
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Dynamic Data Resolver - Version 1.0.1 beta
By Holger Unterbrink. Cisco Talos is releasing a new beta version of Dynamic Data Resolver DDR today. This release comes with a new architecture for samples using multi-threading. The process and thread tracing has been completely reimplemented. We also fixed a few bugs and memory leaks. Another...
Eagle - Yet Another Vulnerability Scanner
Project Eagle is a plugin-based vulnerability scanner with threading support, used for detection of low-hanging bugs on a mass scale. Multipurpose vulnerability scanner, v1.0b, 2019-2020...
GHSA-X3RH-M7VP-35F2 Operation on a Resource after Expiration or Release in Jetty Server
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
Security update for webkit2gtk3 (important)
openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2020:1064-1 Rating: important References: 1173998 Cross-References: CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 Affected Products: openSUSE...