2566 matches found

CNVD
added 2024/03/14 12:00 a.m., 20 views

Apache Answer Competitive Conditions Issue Vulnerability

Apache Answer is a community platform of the Apache USA Foundation. Apache Answer 1.2.1 and prior versions suffer from a Competing Conditions vulnerability, which arises from improper handling of concurrent access when concurrent code requires mutually exclusive access to shared resources during...

CVSS: 5.9, AI score: 7, EPSS: 0.00895
Exploits: 0, References: 1

OSV
added 2024/03/11 6:15 p.m., 0 views

DEBIAN-CVE-2023-52487

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix peer flow lists handling. The cited change refactored mlx5e_tc_del_fdb_peer_flow() to only clear DUP flag when list of peer flows has become empty. However, if any concurrent user holds a reference to a peer flow for...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00272
Exploits: 0, References: 1

RedHat Linux
added 2024/03/11 1:12 a.m., 5 views

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

CVSS: 8, AI score: 7.5, EPSS: 0.01465
Exploits: 0, References: 4

OpenVAS
added 2024/03/08 12:00 a.m., 17 views

Fedora: Security Advisory for subversion (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS: 8.8, AI score: 9.2, EPSS: 0.02557
Exploits: 3, References: 2

OpenVAS
added 2024/03/08 12:00 a.m., 15 views

Fedora: Security Advisory for jctools (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS: 8.8, AI score: 9.2, EPSS: 0.02557
Exploits: 3, References: 2

Fedora
added 2024/03/07 10:33 p.m., 19 views

[SECURITY] Fedora 40 Update: jctools-4.0.2-3.fc40

This project aims to offer some concurrent data structures currently missing from the JDK:
- SPSC/MPSC/SPMC/MPMC Bounded lock free queues
- SPSC/MPSC Unbounded lock free queues
- Alternative interfaces for queues
- Offheap...

CVSS: 8.8, AI score: 7, EPSS: 0.02557
Exploits: 3

SUSE CVE
added 2024/03/07 4:24 a.m., 2 views

SUSE CVE-2024-26623

In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent race issues involving the adminq. There are multiple paths that can result in using the pdsc's adminq. [1] pdsc_adminq_isr and the resulting work from queue_work(), i.e. pdsc_work_thread()->pdsc_process_adminq() [2] pdsc_adminq_post()...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00213
Exploits: 0, References: 10

RedHat Linux
added 2024/03/06 3:38 p.m., 2 views

undertow: url-encoded request path information can be broken on ajp-listener

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01702
Exploits: 0, References: 5

OSV
added 2024/03/06 11:13 a.m., 25 views

BIT-MEDIAWIKI-2020-25827

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across...

CVSS: 7.5, AI score: 7.4, EPSS: 0.01752
Exploits: 1, References: 5

OSV
added 2024/03/06 11:11 a.m., 30 views

BIT-TOMCAT-2020-13943

If an HTTP/2 client connecting to Apache Tomcat 9.0.0 through 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers -...

CVSS: 4.3, AI score: 6.7, EPSS: 0.57286
Exploits: 0, References: 8

OSV
added 2024/03/04 7:15 a.m., 5 views

DEBIAN-CVE-2024-26622

In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control(). Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests c...

CVSS: 7.8, AI score: 5.6, EPSS: 0.00238
Exploits: 0, References: 1

Vulnrichment
added 2024/03/04 6:40 a.m., 21 views

CVE-2024-26622 tomoyo: fix UAF write bug in tomoyo_write_control()

In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control(). Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests c...

AI score: 6.8, EPSS: 0.00238
Exploits: 0, References: 6

OSV
added 2024/03/04 6:40 a.m., 15 views

CVE-2024-26622 tomoyo: fix UAF write bug in tomoyo_write_control()

In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control(). Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests c...

CVSS: 7.8, AI score: 6, EPSS: 0.00238
Exploits: 0, References: 11

OSV
added 2024/03/02 10:15 p.m., 20 views

DEBIAN-CVE-2023-52505

In the Linux kernel, the following vulnerability has been resolved: phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers. The protocol converter configuration registers PCC8, PCCC, PCCD implemented by the driver, as well as others, control protocol converters from multiple...

CVSS: 4.7, AI score: 5.3, EPSS: 0.00168
Exploits: 0, References: 1

OSV
added 2024/03/02 10:15 p.m., 1 views

UBUNTU-CVE-2023-52505

In the Linux kernel, the following vulnerability has been resolved: phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers. The protocol converter configuration registers PCC8, PCCC, PCCD implemented by the driver, as well as others, control protocol converters from multiple...

CVSS: 4.7, AI score: 5.7, EPSS: 0.00168
Exploits: 0, References: 3

RedHat Linux
added 2024/02/29 3:51 p.m., 5 views

kernel: GSM multiplexing race condition leads to privilege escalation

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting th...

CVSS: 7, AI score: 6.9, EPSS: 0.00767
Exploits: 0, References: 6

RedHat Linux
added 2024/02/26 2:33 a.m., 4 views

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

CVSS: 8, AI score: 7.5, EPSS: 0.01465
Exploits: 0, References: 4

OSV
added 2024/02/22 12:30 p.m., 18 views

GHSA-9Q24-HWMC-797X Apache Answer Race Condition vulnerability

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...

CVSS: 5.9, AI score: 5.6, EPSS: 0.00895
Exploits: 0, References: 4

NVD
added 2024/02/22 10:15 a.m., 7 views

CVE-2024-26578

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...

CVSS: 5.9, AI score: 6.6, EPSS: 0.00895
Exploits: 0, References: 2

Vulnrichment
added 2024/02/22 9:28 a.m., 14 views

CVE-2024-26578 Apache Answer: Repeated submission at registration created duplicate users with the same name

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...

AI score: 5.7, EPSS: 0.00895
Exploits: 0, References: 2