Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from the inability to disable users from setting their own remote usernames when the shared channel is enabled, which allows a remote user to se...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an inability to validate the origin of synchronization messages and allows only the correct RemoteId, which allows a malicious remote user ...

CVE-2024-41062

In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hcirxwork, where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ----...

kernel: drm/ast: Fix soft lockup

CVE-2024-35952 describes an issue in the Linux kernel's AST graphics driver. The problem occurs in the astdpsetonoff function, where a lack of proper synchronization with the DisplayPort Microcontroller Unit DPMCU can result in an infinite loop. This can cause a "soft lockup" in the host system,...

The vulnerability of the Frames component in Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.

The vulnerability of the Frames component in Google Chrome and Microsoft Edge is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

DEBIAN-CVE-2024-41062

In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hcirxwork, where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ----...

CVE-2024-41062

In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hcirxwork, where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ----...

CVE-2024-41062 bluetooth/l2cap: sync sock recv cb and release

In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hcirxwork, where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ----...

CVE-2024-41062 bluetooth/l2cap: sync sock recv cb and release

In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hcirxwork, where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ----...

CVE-2024-41062

CVE-2024-41062 affects the Linux kernel Bluetooth L2CAP code. A race exists between closing a socket and the HCI receive work: if hci_rx_work processes pending data after sock_close releases the sock, the work may access an invalid sock. Root cause: lack of synchronization between sock release an...

Huawei EMUI and Huawei HarmonyOS elevation of privilege vulnerability (CNVD-2025-07822)

Huawei EMUI and Huawei HarmonyOS are both products of Huawei, a Chinese company.Huawei EMUI is a mobile operating system based on Android.Huawei HarmonyOS is an operating system... An elevation of privilege vulnerability exists in Huawei EMUI and Huawei HarmonyOS, which stems from improper...

The vulnerability of the Self-Registration component in the IoT Apache StreamPipes toolset allows a attacker to disrupt the user management process of StreamPipes.

The vulnerability of the Self-Registration component in the IoT Apache StreamPipes toolkit is related to synchronization errors when using a common resource. This vulnerability can allow a malicious actor to manipulate the StreamPipes user management process by creating multiple users with the sa...

CVE-2024-39670

Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability...

CVE-2024-39670

Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability...

CVE-2024-39670

CVE-2024-39670 is a privilege-escalation vulnerability in Huawei EMUI and Huawei HarmonyOS, stemming from improper privilege management in the account synchronization module. The weakness is reported to impact availability upon successful exploitation. Connected sources identify affected platform...

Huawei EMUI和Huawei HarmonyOS 安全漏洞

Huawei EMUI and Huawei HarmonyOS are both products of Huawei, a Chinese company.Huawei EMUI is a mobile operating system based on Android.Huawei HarmonyOS is an operating system... An elevation of privilege vulnerability exists in Huawei EMUI and Huawei HarmonyOS, which stems from improper...

BIT-SYNCTHING-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37601 DESCRIPTION: webpack...

F-logic DataCube3 操作系统命令注入漏洞

F-logic DataCube3 is a small measurement terminal system from F-logic Japan. An operating system command injection vulnerability exists in F-logic DataCube3 version 1.0, which originates from the parameter ntpserver via the file /admin/configtimesync.php that causes operating system command...

The vulnerability of Zoom’s video conferencing software, related to synchronization errors when using shared resources (“Race Situation”), allows a violator to trigger a service failure.

The vulnerability of Zoom’s video conferencing software is related to synchronization errors when using a shared resource “Race Situation”. Exploiting this vulnerability can allow an attacker to cause service failures...