3907 matches found

OSV
added 2024/04/10 7:15 p.m., 1 views

UBUNTU-CVE-2021-47184

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. Added new I40E_VSI_RELEASING flag to signalize deleting and releasing of VSI resources to sync this thread with sy...

5.5 CVSS, 6.2 AI score, 0.00238 EPSS
Exploits 0, References 9

OSV
added 2024/04/10 5:15 p.m., 11 views

CVE-2024-1902

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker...

7.5 CVSS, 6.6 AI score, 0.00387 EPSS
Exploits 1, References 2

NVD
added 2024/04/10 5:15 p.m., 14 views

CVE-2024-1902

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker...

7.5 CVSS, 7.4 AI score, 0.00387 EPSS
Exploits 1, References 2

Github Security Blog
added 2024/04/10 5:14 p.m., 28 views

XWiki Platform CSRF remote code execution through the realtime HTML Converter API

Impact When the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the...

9.6 CVSS, 7.8 AI score, 0.00696 EPSS
Exploits 1, References 8, Affected Software 1

Cvelist
added 2024/04/10 5:8 p.m., 17 views

CVE-2024-1902 Session Reuse Vulnerability in lunary-ai/lunary

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker...

7.5 CVSS, 7.5 AI score, 0.00387 EPSS
Exploits 1, References 2

Vulnrichment
added 2024/04/10 5:8 p.m., 10 views

CVE-2024-1902 Session Reuse Vulnerability in lunary-ai/lunary

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker...

7.5 CVSS, 6.6 AI score, 0.00387 EPSS
Exploits 1, References 2

CVE
added 2024/04/10 5:8 p.m., 78 views

CVE-2024-1902

CVE-2024-1902 affects lunary-ai/lunary. The issue is a session-reuse vulnerability where a removed user can alter an organization’s name using an old authorization token via the orgs.patch route. Root cause: lack of validation to verify membership in the organization before permitting changes, du...

7.5 CVSS, 7.3 AI score, 0.00387 EPSS
Exploits 1, References 2, Affected Software 1

CNNVD
added 2024/04/10 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a synchronization process that can cause system crashes or other unstable behavior...

5.5 CVSS, 6.2 AI score, 0.00196 EPSS
Exploits 0, References 4

Redos
added 2024/04/09 12:0 a.m., 48 views

ROS-20240409-02

Vulnerability of the hmac.compare_digest function of the Lib/hmac.py library of the programming language interpreter Python is related to synchronization errors when using a shared resource "Race Situation". Exploitation of the vulnerability could allow an attacker acting remotely to escalate thei...

9.8 CVSS, 7.3 AI score, 0.04268 EPSS
Exploits 4

BDU FSTEC
added 2024/04/06 12:0 a.m., 4 views

The vulnerability of the Nix package manager in Unix operating systems, related to synchronization errors when using shared resources, allows a perpetrator to modify the output of package processes in the Nix store.

The vulnerability of the Nix package manager in Unix operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to modify the output of package processes in the Nix store...

6.3 CVSS, 6.6 AI score, 0.00586 EPSS
Exploits 1, References 5, Affected Software 2

BDU FSTEC
added 2024/04/06 12:0 a.m., 2 views

The vulnerability of the kernel of iOS operating systems, macOS Sonoma, iPadOS, tvOS, visionOS, and watchOS allows attackers to disclose protected information.

The vulnerability of the kernel of iOS, macOS Sonoma, iPadOS, tvOS, visionOS, and watchOS is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by these systems...

6.5 CVSS, 7.5 AI score, 0.00505 EPSS
Exploits 0, References 12, Affected Software 6

RedhatCVE
added 2024/04/05 1:27 p.m., 33 views

CVE-2024-26812

An interrupt handling flaw was found in the Linux kernel’s PCI core device driver. This flaw allows a local user to potentially crash the system...

4.1 CVSS, 6.1 AI score, 0.0024 EPSS
Exploits 0, References 4

OSV
added 2024/04/05 9:15 a.m., 1 views

DEBIAN-CVE-2024-26812

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the...

5.5 CVSS, 5.2 AI score, 0.0024 EPSS
Exploits 0, References 1

OSV
added 2024/04/05 9:15 a.m., 7 views

DEBIAN-CVE-2024-26813

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

5.5 CVSS, 5.3 AI score, 0.00234 EPSS
Exploits 0, References 1

NVD
added 2024/04/05 9:15 a.m., 17 views

CVE-2024-26812

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the...

5.5 CVSS, 7.4 AI score, 0.0024 EPSS
Exploits 0, References 10

NVD
added 2024/04/05 9:15 a.m., 14 views

CVE-2024-26810

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Lock external INTx masking ops Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl. Create wrappers that add locking for paths outside of the core interrupt code. In...

4.4 CVSS, 7.4 AI score, 0.00194 EPSS
Exploits 0, References 10

OSV
added 2024/04/05 9:15 a.m., 1 views

UBUNTU-CVE-2024-26812

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the...

5.5 CVSS, 6 AI score, 0.0024 EPSS
Exploits 0, References 28

OSV
added 2024/04/05 9:15 a.m., 5 views

UBUNTU-CVE-2024-26813

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

5.5 CVSS, 6 AI score, 0.00234 EPSS
Exploits 0, References 25

OSV
added 2024/04/05 8:24 a.m., 3 views

CVE-2024-26812 vfio/pci: Create persistent INTx handler

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the...

5.5 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits 0, References 12

CVE
added 2024/04/05 8:24 a.m., 7297 views

CVE-2024-26812

CVE-2024-26812: In the Linux kernel, vfio/pci: Create persistent INTx handler vulnerability allowed signaling of eventfds with a NULL context after the IRQ handler was unregistered (via SET_IRQS ioctl or unmask irqfd) when an INTx interrupt was pending. The fix moves INTx interrupt handler config...

5.5 CVSS, 6.3 AI score, 0.0024 EPSS
Exploits 0, References 10, Affected Software 1