1071 matches found
Fedora: Security Advisory for nspr (FEDORA-2020-3ef1937475)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 32 Update: nspr-4.26.0-1.fc32
NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management (malloc and free) and shared library linking...
T14M4T - Automated Brute-Forcing Attack Tool
t14m4t is an automated brute-forcing attack tool, a wrapper of THC-Hydra and Nmap Security Scanner. t14m4t scans a user-defined target or a document containing targets for open ports of services supported by t14m4t, and then starts a brute-forcing attack against the services running on...
Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks
By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary: Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. These campaigns make use of existing email threads from compromised accounts to greatly increase...
SUSE-SU-2020:1748-1 Security update for ceph
This is a version update for ceph to version 12.2.13: Security issue fixed: - CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag (bsc1171921). - Notable changes in this update for ceph: mgr: telemetry: backported and now available on SES5.5. Please consider enabling via 'ceph...
GHSA-QCXH-W3J9-58QR Apache Tomcat Denial of Service vulnerability
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servle...
tomcat: Apache Tomcat HTTP/2 DoS
A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack...
Denial of Service in manolo/gwtupload
Overview: com.googlecode.gwtupload:gwtupload is a library for uploading files to web servers, showing a progress bar with real information about the process (file size, bytes transferred, etc.). Affected versions of this package are vulnerable to Denial of Service (DoS). server/UploadServlet.java the...
SUSE-SU-2020:1289-1 Security update for libvirt
This update for libvirt fixes the following issues: Security issue fixed: - CVE-2020-10703: Fixed a daemon crash caused by pools without target paths (bsc1168683). Non-security issues fixed: - apparmor: avoid copying empty profile name (bsc1149100). - logging: ensure virtlogd rollover takes priority...
Unauthorized Access
Soteria is vulnerable to unauthorized access. A security identity corruption across concurrent threads occurs when multiple concurrent requests are parsed...
Sshprank - A Fast SSH Mass-Scanner, Login Cracker And Banner Grabber Tool Using The Python-Masscan Module
A fast SSH mass-scanner, login cracker and banner grabber tool using the python-masscan module. Usage hacker@blackarch $ sshprank -H --== sshprank by nullsecurity.net ==-- usage sshprank opts | modes -h - single host to crack. multiple ports can be seperated by comma, e.g.: 22,2022,22222 default...
CVE-2020-1732
A flaw was found in Soteria before 1.0.1, in which multiple requests occurring concurrently cause security identity corruption across concurrent threads when using EE Security with WildFly Elytron, which can lead to the possibility of a request being handled using the identity from another request...
WebKit AudioArray::allocate Data Race / Out-Of-Bounds Access Vulnerability
WebKit: Data race in AudioArray::allocate can lead to OOB access VULNERABILITY DETAILS Source/WebCore/platform/audio/AudioArray.h: void allocateChecked n ... while !isAllocationGood // Initially we try to allocate the exact size, but if it's not aligned // then we'll have to reallocate and from...
WebKit AudioArray::allocate Data Race / Out-Of-Bounds Access
WebKit: Data race in AudioArray::allocate can lead to OOB access VULNERABILITY DETAILS Source/WebCore/platform/audio/AudioArray.h: void allocateChecked n ... while !isAllocationGood // Initially we try to allocate the exact size, but if it's not aligned // then we'll have to reallocate and from...
CVE-2019-9815
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...
Convincing Google Impersonation Opens Door to MiTM, Phishing
An attack that uses homographic characters to impersonate domain names and launch convincing but malicious websites takes minutes and a bare modicum of skill — while reaping high rates of success in luring victims, according to an independent researcher. Researcher Avi Lumelsky set out to see how...
CVE-2020-10577
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions...
UBUNTU-CVE-2020-10577
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions...