ASB-A-265303544

Bulletin has no description...

The vulnerability of the libcurl library lies in the absence of mutexes or flow locks, allowing attackers to exploit memory after it is freed.

The vulnerability of the libcurl library is related to the absence of mutexes or flow locks. Exploiting this vulnerability allows a remote attacker to perform re-locking operations or utilize memory after it has been freed. As a result, the same data can be reused in a combined attack...

ROS-20230407-01

The libcurl library vulnerability is related to FTP connection reuse, previously created connections are stored in a connection pool for reuse if they match the current connection pool. connections are stored in the connection pool for reuse if they match the current configuration. configuration...

CVE-2023-1412

An unprivileged non-admin user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows = 2022.12.582.0 to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks oplock and symbolic links which can both be creat...

Improper access control

An unprivileged non-admin user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows = 2022.12.582.0 to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks oplock and symbolic links which can both be creat...

CVE-2023-1412

An unprivileged non-admin user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows = 2022.12.582.0 to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks oplock and symbolic links which can both be creat...

The vulnerability of the sock_hash_delete_elem() function in the net/core/sock_map.c module of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the sockhashdeleteelem function in the net/core/sockmap.c module of the Linux kernel is related to incorrect serialization of the resource htab-bucketsi.lock. Exploiting this vulnerability could allow an attacker to trigger a service denial-of-service attack...

CVE-2023-27537

A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...

CVE-2023-27537

A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...

CVE-2023-27537

A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...

CVE-2023-27537

A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...

Design/Logic Flaw

A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks...

K20902096: Linux kernel vulnerability CVE-2016-6786

Security Advisory Description kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. CVE-2016-6786 Impact This...

SUSE CVE-2005-0529

Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the procfileread and locksreadproc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context...

SUSE CVE-2006-1859

Memory leak in setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service memory consumption via unspecified actions related to an "uninitialised return value," aka "slab leak."...

SUSE CVE-2006-7229

The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spinlock and spinunlock functions, which allows remote attackers to cause a denial of service machine crash via a flood of network traffic...

SUSE CVE-2007-6733

The nfslock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service BUG and system crash by locking a file on an NFS filesystem and then changing this...

SUSE CVE-2010-0727

The gfs2lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfslock function in the Linux kernel on Red Hat Enterprise Linux RHEL 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a...

SUSE CVE-2014-9065

common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service write denial or NMI watchdog timeout and host crash via a large number of read requests, a different vulnerability to CVE-2014-9066...

SUSE CVE-2022-0480

A flaw was found in the filelockinit in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface POSIX file locks...