SUSE CVE-2021-47414

In the Linux kernel, the following vulnerability has been resolved: riscv: Flush current cpu icache before other cpus On SiFive Unmatched, I recently fell onto the following BUG when booting: 0.000000 ftrace: allocating 36610 entries in 144 pages 0.000000 Oops - illegal instruction 1 0.000000...

The vulnerability of the do_pagemap_scan() function in the Linux kernel’s pseudo-file system driver allows a attacker to compromise the confidentiality and accessibility of protected information.

The vulnerability of the dopagemapscan function in the fs/proc/taskmmu.c driver of the Linux pseudo-file system for the kernel’s proc module is related to a violation of the synchronization mechanism, leading to concurrent access to resources race condition. Exploiting this vulnerability could...

The vulnerability of the rose_connect() function in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the roseconnect function in the Linux operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

Fedora: Security Advisory for nextcloud (FEDORA-2024-d67f9827b2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2021-47512

In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: prevent dismantle issue For some reason, fqpiedestroy did not copy working code from piedestroy and other qdiscs, thus causing elusive bug. Before calling deltimersync&q-adapttimer, we need to ensure timer will...

Bluetooth: Fix memory leak in hci_req_sync_complete()

...

The vulnerability in the execution environment for JavaScript and TypeScript Deno arises from synchronization errors when using a shared resource, allowing an attacker to expose sensitive information.

The vulnerability of the execution environment for JavaScript and TypeScript in Deno arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...

SUSE CVE-2021-47356

In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible use-after-free in HFCcleanup This module's remove path calls deltimer. However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the...

SUSE CVE-2021-47230

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Immediately reset the MMU context when the SMM flag is cleared Immediately reset the MMU context when the vCPU's SMM flag is cleared so that the SMM flag in the MMU role is always synchronized with the vCPU's flag. If R...

SUSE CVE-2021-47278

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pcigeneric: Fix possible use-after-free in mhipciremove This driver's remove path calls deltimer. However, that function does not wait until the timer handler finishes. This means that the timer handler may still be...

SUSE CVE-2021-47305

In the Linux kernel, the following vulnerability has been resolved: dma-buf/syncfile: Don't leak fences on merge failure Each addfence call does a dmafenceget on the relevant fence. In the error path, we weren't calling dmafenceput so all those fences got leaked. Also, in the kreallocarray failur...

SUSE CVE-2021-47323

In the Linux kernel, the following vulnerability has been resolved: watchdog: sc520wdt: Fix possible use-after-free in wdtturnoff This module's remove path calls deltimer. However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running...

SUSE CVE-2021-47335

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid racing on fsyncentryslab by multi filesystem instances As syzbot reported, there is an use-after-free issue during f2fs recovery: Use-after-free write at 0xffff88823bc16040 in kfence-10:...

kernel: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted

A flaw was found in the jbd2 module in the Linux kernel. An assertion failure can be triggered when a specific sequence of transactions and operations is performed due to incorrect synchronization, potentially resulting in a denial of service...

The vulnerabilities of Microsoft .NET software platforms and Microsoft Visual Studio development tools are caused by synchronization errors when using shared resources, allowing attackers to trigger service failures.

The vulnerabilities of Microsoft .NET software platforms and Microsoft Visual Studio development tools stem from synchronization errors when using shared resources. Exploiting these vulnerabilities can allow a malicious actor to cause service interruptions...

CVE-2024-4154

In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the...

CVE-2024-4154

In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the...

CVE-2024-4154 Incorrect Synchronization in lunary-ai/lunary

In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the...

CVE-2024-4154 Incorrect Synchronization in lunary-ai/lunary

In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the...

CVE-2024-4154

CVE-2024-4154 affects lunary-ai/lunary, version 1.2.2. The vulnerability is described as an incorrect synchronization flaw that lets unprivileged users rename projects they are not authorized to access by sending a PATCH to the project endpoint with a new name. This can lead to unauthorized modif...