3907 matches found
CVE-2024-38583 nilfs2: fix use-after-free of timer for log writer thread
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread. Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potenti...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a device structure being released after synchronization...
A vulnerability in the Windows operating system’s kernel allows attackers to escalate their privileges.
The vulnerability in the Windows operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to escalate their privileges...
A vulnerability in the Windows operating system’s kernel allows attackers to escalate their privileges.
The vulnerability in the Windows operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to escalate their privileges...
iBarn Security Vulnerabilities
iBarn is an application by the individual developer zhimengzhe. It provides network file backup, synchronization and sharing services. A security vulnerability exists in iBarn v1.5, which originates from a reflected cross-site scripting (XSS) vulnerability contained in the $search parameter on /index.php...
CVE-2024-37885
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed loading arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. It is recommended that the Nextcloud...
A vulnerability in the __spi_sync() function in the Linux operating system’s Serial Peripheral Interface (SPI) driver allows an attacker to cause a denial of service.
The vulnerability in the __spi_sync() function in the drivers/spi/spi.c file of the Linux System on Chip Serial Peripheral Interface (SPI) driver is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a denial of service...
PT-2024-4289 · Microsoft · Windows Kernel-Mode Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Kernel-Mode Driver (affected versions not specified). Description: The issue is related to errors in synchronization when using a shared resource, which can allow an attacker to elevate their privileges. This is a local privilege...
PT-2024-4173
Name of the Vulnerable Software and Affected Versions: Windows Kernel (affected versions not specified). Description: The issue is related to synchronization errors when using a shared resource, which can be exploited to elevate privileges. An elevation-of-privilege vulnerability allows attackers to...
PT-2024-4302
Name of the Vulnerable Software and Affected Versions: Azure Identity Libraries and Microsoft Authentication Library (affected versions not specified). Description: The vulnerability in Azure Identity Libraries and Microsoft Authentication Library is related to synchronization errors when using a shar...
UBUNTU-CVE-2024-36972
In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Billy Jheng Bing-Jhong reported a race between __unix_gc() and queue_oob(). __unix_gc() tries to garbage-collect closed inflight sockets, and then if the socket has MSG_OOB in...
A vulnerability in Apex One NT RealTime Scan of the antivirus software Trend Micro Apex One and Apex One as a Service allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability in Apex One NT RealTime Scan of the antivirus software Trend Micro Apex One and Apex One as a Service is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute arbitrary...
TYPO3 Cross-Site Scripting in Filelist Module
It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences. Access to the file system of the server - either directly or through synchronization - is required to exploit the...
kernel update
4.18.0-553.5.1.el8_10.OL8 - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32...
SUSE CVE-2024-36949
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted. If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call takes...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of file extensions containing malicious sequences when accessing the server's file system directly or through synchronization, which allows an attacker to execute arbitrary scripts in the...
SUSE CVE-2024-36961
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug. With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointe...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an eviction and device reset synchronization issue, which can result in a page fault due to a process not...
PT-2024-40142 · Packagist · Typo3/Cms-Core
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A cross-site scripting issue has been found in the output table listing of the "Files" backend module. This occurs when a file extension contains malicious sequences. To exploit thi...
SUSE CVE-2021-47394
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unlink table before deleting it. syzbot reports following UAF: BUG: KASAN: use-after-free in memcmp+0x18f/0x1c0 lib/string.c:955 nla_strcmp+0xf2/0x130 lib/nlattr.c:836 nft_table_lookup.part.0+0x1a2/0x460...