A flaw was found in the way the af_packet functionality in the Linux kernel handled retirement timer setting for TPACKET_v3 when getting settings from the underlying network device errors out. A local user able to open af_packet domain socket and able to hit the error path could use this flaw to starve the system.
Source link
[Bug 1846462] CVE-2019-20812 kernel: af_packet: TPACKET_V3: invalid timer timeout on error
RELATED STORIES
LTC Scott C. Scheidt (RET), Director, Cybersecurity Workforce Education Center at Savannah Technical College spoke...
Synthesis of the vulnerability An attacker can bypass access restrictions to data via Running Average...
|漏洞详情 Gitea是Gitea社区的一个基于Go开发的轻量型git服务。 Gitea 0.9.99版本至1.12.x系列1.12.6之前版本存在安全漏洞,该漏洞源于不会阻止git协议路径指定TCP端口号,并且在parseRemoteAddr中的modules/auth/repo_form.go中也包含换行符(具有URL编码)。 |参考资料 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-28991 Source link Is your business effected by Cyber...
An update that solves two vulnerabilities and has one errata is now available. SUSE Security...
|漏洞详情 Frenchbread Private-ip是Frenchbread个人开发者的一个用于检查Ip是否为私有的Js代码库。 Frenchbread Private-ip package v1.0.5之前版本存在安全漏洞,该漏洞源于正则表达式不足,无法充分过滤保留的IP范围,导致SSRF不确定。攻击者可利用该漏洞可以对ARIN保留的IP范围执行大量请求,导致无法确定关键攻击向量的数量,从而允许远程攻击者可利用该漏洞通过各种SSRF技术请求服务器端资源或潜在地执行任意代码。 |参考资料 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-28360 Source link Is your business...
In mid-October, Microsoft announced the availability of Windows 10 version 20H2, known as the October...
VMware addressed six vulnerabilities in its SD-WAN Orchestrator product that can potentially expose enterprise networks...
#####################################################
# Exploit Title: E-ticaret’im v1.1 Sql İnjection Vulnerability
# Google Dork :
inurl:/blog/haberinizolsunhaberiniz.html
...
(Second of two parts) In last week’s article, we highlighted the challenges of cybersecurity in...
What method(s) have you used to verify the security of your Linux servers? No answer...
You must be logged in to post a comment.