2567 matches found
The vulnerability of the `bnx2x_set_fw_mac_addr()` function in the `drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h` file of the Broadcom NetXtremeII 10Gb driver for the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the bnx2xsetfwmacaddr function in the drivers/net/ethernet/broadcom/bnx2x/bnx2xcmn.h file of the Broadcom NetXtremeII 10Gb driver for the Linux operating system is related to the reallocation of previously freed memory due to concurrent access to resources. Exploiting this...
Karma 安全漏洞
Karma is a simple tool. Allows execution of JavaScript code in multiple real browsers. A security vulnerability exists in Karma versions prior to 0.17.4.1, which stems from the fact that sending multiple post requests at the same time will bypass the cooldown validation...
CVE-2024-34695
Affected software: WOWS Karma reputation system for World of Warships. Root cause / vector: A user can click the"create" button multiple times on the post-creation prompt before the modal closes, causing several API requests to be sent in parallel. This timing flaw allows bypassing the cooldown v...
CVE-2024-2913
A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user...
AnythingLLM 安全漏洞
AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from the fact that an attacker can accept a single user invitation by sending multiple concurrent requests, thereby allowing the creation of multiple user accounts from a...
openSUSE Security Advisory (SUSE-SU-2024:1447-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-2913 Race Condition Vulnerability in mintplex-labs/anything-llm
A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user...
kernel: GSM multiplexing race condition leads to privilege escalation
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsmdlci while restarting th...
SUSE CVE-2024-27030
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate handlers for interrupts For PF to AF interrupt vector and VF to AF vector same interrupt handler is registered which is causing race condition. When two interrupts are raised to two CPUs at same time th...
AZL-42214 CVE-2024-27019 affecting package kernel for versions less than 5.15.158.1-1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix potential data-race in nftobjtypeget nftunregisterobj can concurrent with nftobjtypeget, and there is not any protection when iterate over nftablesobjects list in nftobjtypeget. Therefore, there is...
CVE-2024-26962
In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, in...
Linux kernel 安全漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a deadlock in dm-raid456 when io is concurrent with reshape...
kernel: GSM multiplexing race condition leads to privilege escalation
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsmdlci while restarting th...
kernel: RDMA/srpt: Add a check for valid 'mad_agent' pointer
A flaw was addressed in the Linux kernel’s RDMA SRPT SCSI RDMA Protocol Target subsystem. When unregistering a MAD Management Datagram agent, the SRPT module previously performed a non-NULL check on the madagent pointer before invoking ibunregistermadagent. Under rare timing...
kernel: RDMA/irdma: Fix data race on CQP completion stats
The Linux kernel contains a race condition vulnerability in its RDMA/irdma subsystem, where completion queue pair CQP completion statistics are read concurrently without adequate synchronization while being updated on another CPU. Under certain workloads, a lack of atomic operations and improper...
kernel: net: fix possible store tearing in neigh_periodic_work()
A flaw was found in the Linux kernel that allows for potential store tearing within the neighperiodicwork function, meaning a write operation on a value is not protected properly and could result in inconsistencies if another process or thread reads from that value before the operation is complet...
kernel: iommufd: IOMMUFD_DESTROY should not increase the refcount
A race condition was identified in the iommufd subsystem of the Linux kernel where the IOMMUFDDESTROY command incorrectly increments an object’s reference count without holding the expected exclusive synchronization destroyrwsem. This violates the assumption that temporary reference count...
kernel: scsi: target: Fix multiple LUN_RESET handling
A race condition flaw was found in the Linux kernel SCSI target subsystem's LUNRESET handling. When multiple remote initiator sessions send concurrent LUNRESET commands, one session's reset can incorrectly drain commands from another session, causing the second session to receive a successful res...
CVE-2024-21089
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite component: Request Submission and Scheduling. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2024-21089
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite component: Request Submission and Scheduling. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...