A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

...

Ropr - A Blazing Fast Multithreaded ROP Gadget Finder. Ropper / Ropgadget Alternative

ropr is a blazing fast multithreaded ROP Gadget finder What is a ROP Gadget? ROP Return Oriented Programming Gadgets are small snippets of a few assembly instructions typically ending in a ret instruction which already exist as executable code within each binary or library. These gadgets may be...

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388-POC BIG-IP iCONTROL REST API AUTH BYPASS /RCE EX...

OSV-2022-327 Stack-use-after-return in QSemaphore::release

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46525 The issue already existed before oss-fuzz could reproduce it. oss-fuzz found it after qdrawhelper routines were made multithreaded. There might be ways to trigger the issue before that. Crash type: Stack-use-after-return...

ROS-20220330-01

Vulnerability in the network block device implementation client library libnbd, related to the mechanism of error handling mechanism in the nbdcopy tool when executing multithreaded copies using asynchronous nbd nbd calls. Exploitation of the vulnerability could allow an attacker acting remotely ...

Fedora: Security Advisory for libnbd (FEDORA-2022-2fa5931425)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

LACheck - Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration

Multithreaded C .NET Assembly Local Administrative Privilege Enumeration Arguments domain controller to query if not ran on a domain-joined host /domain - specify domain name if not ran on a domain-joined host /edr - check host for EDR requires smb, rpc, or winrm /logons - return logged on users ...

CVE-2021-36305

Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB...

Fedora: Security Advisory for nbdkit (FEDORA-2021-9c2ba2fcfc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 33 Update: nbdkit-1.24.6-1.fc33

NBD is a protocol for accessing block devices hard disks and disk-like things over the network. nbdkit is a toolkit for creating NBD servers. The key features are: Multithreaded NBD server written in C with good performance. Minimal dependencies for the basic server. Liberal license BSD allows...

[SECURITY] Fedora 34 Update: nbdkit-1.26.5-1.fc34

NBD is a protocol for accessing block devices hard disks and disk-like things over the network. nbdkit is a toolkit for creating NBD servers. The key features are: Multithreaded NBD server written in C with good performance. Minimal dependencies for the basic server. Liberal license BSD allows...

GHSA-2F5J-3MHQ-XV58 Double free in sys-info

Affected versions of sys-info use a static, global, list to store temporary disk information while running. The function that cleans up this list, DFCleanup, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment. This results in consistent...

GHSA-9699-GM7F-CMJV Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected...

Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected...

SUSE: Security Advisory (SUSE-SU-2020:1023-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2021:0544-1 Security update for ceph

This update for ceph fixes the following issues: - ceph was updated to to 15.2.9 - cephadm: fix 'inspect' and 'pull' bsc1182766 - CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token bsc1179997 - CVE-2020-25678: Do not add sensitive information in Ceph log files bsc1178905 -...

CVE-2021-23970

Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox 86...

CVE-2021-23970

Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox 86...

Code injection

Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox 86...

CVE-2021-23970

Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox 86...