SUSE CVE-2023-3397

A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information...

CVE-2023-2787

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API...

Code injection

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API...

CVE-2023-2787 Collapsed Reply Threads APIs leak message contents from private channels

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API...

CVE-2023-2787 Collapsed Reply Threads APIs leak message contents from private channels

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API...

CVE-2023-2787

Mattermost is affected by CVE-2023-2787: a channel membership check failure when accessing message threads allows viewing posts via the Message Threads API. The root cause is an access control error that does not verify identity of channel members for message-thread access, potentially exposing c...

ROS-20230616-02

Vulnerability in libavcodec/pthreadframe.c component of FFmpeg multimedia library is related to memory usage after it is freed when processing worker threads with hwaccel decoder. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

PT-2023-21384 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to access arbitrary posts by using the message threads API, as Mattermost fails to check channel membership when accessing message threads. Recommendations: ...

Fiber - Using Fibers To Run In-Memory Code In A Different And Stealthy Way

A fiber is a unit of execution that must be manually scheduled by the application rather than rely on the priority-based scheduling mechanism built into Windows. Fibers are often called lightweight threads. For more detailed information about what are and how fibers work consult the official...

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. An information disclosure vulnerability exists in Discourse versions 3.0.3 stable and earlier, and 3.1.0.beta5 and earlier, which can be exploited by an attacker to...

Exploit for OS Command Injection in Eparks Fiberlink_210_Firmware

CVE-2023-33617 Authenticated OS command injection vulnerabili...

kernel: NFS: Avoid writeback threads getting stuck in mempool_alloc()

In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempoolalloc In a low memory situation, allow the NFS writeback code to fail without getting stuck in infinite loops in mempoolalloc...

This Week in Spring - May 2, 20223

Hi, Spring fans! Welcome to another installment of This Week in Spring! You realize it's already May, 2023? Time's flying, way too quickly! I just got back from Bangalore, India, where I spoke at the amazing Great International Developer Summit, one of the all time best shows ever, and now I'm...

CVE-2022-28354

In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period...

CVE-2022-28354

In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period...

Design/Logic Flaw

In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period...

CVE-2022-28354

In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period...

CVE-2022-28354

CVE-2022-28354 affects the MyBB Active Threads Plugin 1.3.0 and its activethreads.php date parameter, which is vulnerable to cross-site scripting (XSS) when setting a time period. The vulnerability details indicate an XSS flaw in the parameter handling, with CVSSv3.1 base score 6.1 (MEDIUM): Netw...

PT-2023-12940 · Mybb · Active Threads Plugin

Name of the Vulnerable Software and Affected Versions: Active Threads Plugin version 1.3.0 for MyBB Description: The issue concerns an XSS vulnerability in the date parameter of the activethreads.php file when setting a time period. This allows for potential exploitation. No information is provid...

CVE-2022-28354

In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period...