Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that originates from a malicious user being able to send an incorrectly formatted login link that redirects th...

The vulnerability of the Windows Registry component of the Microsoft Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Windows Registry component of the Microsoft Windows operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the Acrobat Reader PDF viewing and editing software is related to synchronization errors when using a common resource, allowing attackers to escalate their privileges.

The vulnerability of the Acrobat Reader PDF viewing and editing software is related to synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

qemu-kvm security update

9.0.0-10 - kvm-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch RHEL-52617 - Resolves: RHEL-52617 CVE-2024-7409 qemu-kvm: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure rhel-9.5 9.0.0-9 -...

The vulnerability of the IPAuthenticationProvider component of the centralized service for managing configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper allows a attacker to bypass the authentication process.

The vulnerability of the IPAuthenticationProvider component of the centralized service for managing configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper is related to the ability to bypass authentication through phising techniques...

Moderate: Red Hat Security Advisory: qemu-kvm security update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Keep xfdstate in sync with MSRIA32XFD The Linux kernel CVE team has assigned CVE-2024-35801 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35801-8038@gregkh/T...

kernel: md/dm-raid: don't call md_reap_sync_thread() directly

A flaw was found in the md/dm-raid subsystem in the Linux kernel. If mdreapsyncthread is called directly, it could lead to potential misuse or system instability...

kernel: drivers: core: synchronize really_probe() and dev_uevent()

This CVE has been marked as Rejected by the assigning CNA...

kernel: drm/ast: Fix soft lockup

CVE-2024-35952 describes an issue in the Linux kernel's AST graphics driver. The problem occurs in the astdpsetonoff function, where a lack of proper synchronization with the DisplayPort Microcontroller Unit DPMCU can result in an infinite loop. This can cause a "soft lockup" in the host system,...

PT-2024-8326 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to synchronization errors when using a shared resource in the Windows Win32 Kernel Subsystem. This can allow an attacker to elevate their privileges. The estimated numb...

openSUSE Security Advisory (SUSE-SU-2024:3948-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-50183 scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DAID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforeha...

The vulnerability of the vfio component in the Linux operating system’s kernel allows a attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability of the vfio component in Linux operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to trigger a Denial-of-Service Attack...

The vulnerability of the vfio component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the vfio component in the Linux operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the rtas component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the rtas component in the Linux operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the fsl-qdma component in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the fsl-qdma component in the Linux operating system’s kernel is related to a violation of the synchronization mechanism. Exploiting this vulnerability can allow an attacker to cause a service failure...

[SECURITY] Fedora 40 Update: syncthing-1.28.0-1.fc40

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

[SECURITY] Fedora 41 Update: syncthing-1.28.0-1.fc41

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

[SECURITY] Fedora 39 Update: syncthing-1.28.0-1.fc39

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...