[SECURITY] Fedora 36 Update: rr-5.6.0-2.fc36

rr is a lightweight tool for recording and replaying execution of applications trees of processes and threads. For more information, please visit http://rr-project.org...

CVE-2022-25666

Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...

JSubFinder - Searches Webpages For Javascript And Analyzes Them For Hidden Subdomains And Secrets

JSubFinder is a tool writtin in golang to search webpages & javascript for hidden subdomains and secrets in the given URL. Developed with BugBounty hunters in mind JSubFinder takes advantage of Go's amazing performance allowing it to utilize large data sets & be easily chained with other tools...

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

KLA19256 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be exploited to execute...

Fedora: Security Advisory for golang-starlark (FEDORA-2022-3e1ade35db)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

USN-5399-1: libvirt vulnerabilities

It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvirt to stop accepting connections, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2021-3667 It was discovered that libvirt...

Kerbrute - An Script To Perform Kerberos Bruteforcing By Using Impacket

An script to perform kerberos bruteforcing by using the Impacket library. When is executed, as input it receives a user or list of users and a password or list of password. Then is performs a brute-force attack to enumerate: Valid username/passwords pairs Valid usernames Usernames without...

LACheck - Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration

Multithreaded C .NET Assembly Local Administrative Privilege Enumeration Arguments domain controller to query if not ran on a domain-joined host /domain - specify domain name if not ran on a domain-joined host /edr - check host for EDR requires smb, rpc, or winrm /logons - return logged on users ...

SourceLeakHacker - A Multi Threads Web Application Source Leak Scanner

SourceLeakHacker is a muilt-threads web directories scanner. Installation pip install -r requirements.txt Usage dictionary scale --output OUTPUT output folder, default: result/YYYY-MM-DD hh:mm:ss --threads THREADS, -t THREADS threads numbers, default: 4 --timeout TIMEOUT HTTP request timeout...

Mozilla Rust Memory Corruption Vulnerability (CNVD-2021-71658)

Rust, a general-purpose, compiled programming language from the Mozilla Foundation, was previously vulnerable in version 0.5.1. The vulnerability stems from the fact that programs can send non-send types to other threads, which can be exploited by attackers to potentially cause data contention an...

GHSA-9MXW-4856-9CM5 Data races in rusb

Affected versions of rusb did not require UsbContext to implement Send and Sync. However, through Device and DeviceHandle it is possible to use UsbContexts across threads. This issue allows non-thread safe UsbContext types to be used concurrently leading to data races and memory corruption. The...

Data races in rusb

Affected versions of rusb did not require UsbContext to implement Send and Sync. However, through Device and DeviceHandle it is possible to use UsbContexts across threads. This issue allows non-thread safe UsbContext types to be used concurrently leading to data races and memory corruption. The...

Data races in atom

The atom crate contains a security issue revolving around its implementation of the Send trait. It incorrectly allows any arbitrary type to be sent across threads potentially leading to use-after-free issues through memory races...

stalld bug fix and enhancement update

An update is available for stalld. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list stalld package provides a mechanism used to prevent the starvation of operatin...

Hash-Buster v3.0 - Crack Hashes In Seconds

Why crack hashes when you can bust them? Features Automatic hash type identification Supports MD5, SHA1, SHA256, SHA384, SHA512 Can extract & crack hashes from a file Can find hashes from a directory, recursively Multi-threading Insallation & Usage Note: Hash Buster isn't compatible with python2,...

Apache CXF Resource Management Error Vulnerability (CNVD-2021-70100)

Apache CXF is the United States Apache Apache Foundation's an open source Web services framework. The framework supports multiple Web service standards, multiple front-end programming APIs, etc. Apache CXF has a resource management error vulnerability that can be exploited by an attacker to submi...

HttpDoom - A Tool For Response-Based Inspection Of Websites Across A Large Amount Of Hosts For Quickly Gaining An Overview Of HTTP-based Attack Surface

Validate large HTTP-based attack surfaces in a very fast way. Heavily inspired by Aquatone. Why? When I utilize Aquatone to flyover some hosts, I have some performance issues by the screenshot feature, and the lack of extension capabilities - like validating front-end technologies with a...

[SECURITY] Fedora 33 Update: glib2-2.66.8-1.fc33

GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system...