3907 matches found
PT-2025-1091 · Microsoft · Windows Remote Desktop Gateway +1
Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Gateway (RD Gateway), affected versions not specified. Description: The issue is related to a denial-of-service vulnerability in the Windows Remote Desktop Gateway (RD Gateway). It is associated with synchronization errors wh...
Rsync contains six vulnerabilities
Overview Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak,...
CVE-2024-54191 Bluetooth: iso: Fix circular lock in iso_conn_big_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_conn_big_sync This fixes the circular locking dependency warning below, by reworking iso_sock_recvmsg, to ensure that the socket lock is always released before calling a function that locks hde...
CVE-2024-47143
CVE-2024-47143 relates to the Linux kernel and describes a potential deadlock in the dma-debug flow caused by holding radix_lock while dma_hash_entry locks are held. The fix, as documented in the connected sources, is to perform dma_entry_free() after put_hash_bucket() inside check_unmap() to pre...
ROS-20250110-12
The Apache Tomcat application server vulnerability is related to synchronization errors when using a shared resource (race condition). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by downloading specially crafted JSP files Apache Tomcat...
kernel: i40e: fix race condition by adding filter's intermediate sync state
In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multip...
WordPress MIPL WC Multisite Sync plugin <= 1.1.5 - Unauthenticated Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download vulnerability discovered by nvthien in WordPress Plugin MIPL WC Multisite Sync versions <= 1.1.5...
The vulnerability of the PlaybackParams class in the Mozilla Firefox browser and Thunderbird email client allows a perpetrator to access confidential data.
The vulnerability of the PlaybackParams class in the Mozilla Firefox browser and Thunderbird email client is related to synchronization errors when using a shared resource (race condition). Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Race Condition Vulnerability
github.com/moby/moby is vulnerable to a Race Condition. The vulnerability is due to improper synchronization in builder/builder-next/adapters/snapshot/layer.go within the EnsureLayer function, allowing concurrent builds to access shared resources without adequate safeguards, leading to resource...
PT-2025-49797
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel’s ASoC (Advanced Linux Sound Architecture) Intel avs (Audio Video Stream) component. Specifically, the avs_dai_fe_shutdown function, responsible for shuttin...
PT-2026-4656
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A use-after-free issue exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. The problem occurs when the DMA buffer is freed before the...
SUSE CVE-2024-53182
In the Linux kernel, the following vulnerability has been resolved: Revert "block, bfq: merge bfq_release_process_ref into bfq_put_cooperator" This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. The bic is associated with sync_bfqq, and bfq_release_process_ref cannot be put into bfq_put_cooperator...
CVE-2024-56655
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not defer rule destruction via call_rcu nf_tables_chain_destroy can sleep, it can't be used from call_rcu callbacks. Moreover, nf_tables_rule_release is only safe for error unwinding, while transaction mutex is he...
DEBIAN-CVE-2024-56575
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Ensure power suppliers be suspended before detach them The power suppliers are always requested to suspend asynchronously, dev_pm_domain_detach requires the caller to ensure proper synchronization of this function...
UBUNTU-CVE-2024-56575
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Ensure power suppliers be suspended before detach them The power suppliers are always requested to suspend asynchronously, dev_pm_domain_detach requires the caller to ensure proper synchronization of this function...
CVE-2024-56655 netfilter: nf_tables: do not defer rule destruction via call_rcu
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not defer rule destruction via call_rcu nf_tables_chain_destroy can sleep, it can't be used from call_rcu callbacks. Moreover, nf_tables_rule_release is only safe for error unwinding, while transaction mutex is he...
CVE-2024-56575 media: imx-jpeg: Ensure power suppliers be suspended before detach them
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Ensure power suppliers be suspended before detach them The power suppliers are always requested to suspend asynchronously, dev_pm_domain_detach requires the caller to ensure proper synchronization of this function...
DEBIAN-CVE-2024-53203
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array...
The vulnerability of the NuGet package management system, related to synchronization errors when using a shared resource, allows a hacker to execute arbitrary code.
The vulnerability of the NuGet package management system is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker operating remotely to execute arbitrary code...
The vulnerability of the Apache Tomcat application server, related to synchronization errors when using shared resources, allows attackers to execute arbitrary code.
The vulnerability of the Apache Tomcat application server is related to synchronization errors when using a shared resource, due to the lack of consideration for registrations in the file system during the writing of servlets. Exploiting this vulnerability allows an attacker operating remotely to...