The vulnerability of the Private Key Handler component in the server that unlocks encrypted disks of Tang allows a hacker to disclose the protected information.

The vulnerability of the Private Key Handler component in the server that unlocks encrypted disks of the Tang service is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to disclose sensitive information...

PT-2023-7532 · Unknown · Metadatabase.Cpp

Name of the Vulnerable Software and Affected Versions: MetaDataBase.cpp affected versions not specified Description: The issue is related to a possible UAF Use After Free write due to a race condition in multiple functions of MetaDataBase.cpp. This could lead to remote escalation of privilege wit...

The vulnerability of the application interface for WebDAV web applications used for syncing data with ownCloud allows a perpetrator to bypass authentication procedures and gain access to read, modify, or delete data.

The vulnerability of the WebDAV application interface for data synchronization with ownCloud is related to initialization errors caused by the lack of configuration of signature keys for pre-signed URL addresses. Exploiting this vulnerability allows an attacker to bypass authentication procedures...

The vulnerability of the microprogrammed software of Advantech EKI-1524, EKI-1522, and EKI-1521 lies in the ability to inject commands into the input field of the NTP server, allowing a perpetrator to execute arbitrary code.

The vulnerability of the microprogrammed software of Advantech EKI-1524, EKI-1522, and EKI-1521 lies in the ability to inject commands into the input field of the NTP server. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted POST request...

The vulnerability of the software for protecting against Cisco Secure Endpoint Connector for Windows against malware lies in synchronization errors when using a shared resource (“Race Condition”), allowing a malicious actor to trigger a service failure.

The vulnerability of the Cisco Secure Endpoint Connector for Windows anti-virus software relates to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to cause service failures...

[SECURITY] Fedora 37 Update: galera-26.4.16-1.fc37

Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...

The vulnerability of the Windows operating system’s kernel allows attackers to enhance their privileges.

The vulnerability of the Windows operating system’s kernel is related to synchronization errors when using a shared resource „Race Conditions“. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the UDPv6 network protocol implementation in Linux operating systems allows attackers to trigger a service failure.

The vulnerability of the UDPv6 network protocol implementation in Linux operating systems is related to concurrent access to the dstentry structure during a race condition, due to the lack of synchronization in the sksetupcaps function within the net/core/sock.c module. Exploiting this...

Fedora: Security Advisory for syncthing (FEDORA-2023-fa2d7b25d9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: syncthing-1.26.0-1.fc39

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

[SECURITY] Fedora 37 Update: syncthing-1.26.0-1.fc37

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

[SECURITY] Fedora 38 Update: syncthing-1.26.0-1.fc38

Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...

java-21-openjdk security and bug fix update

1:21.0.1.0.12-2.0.1 - Add Oracle vendor bug URL 1:21.0.1.0.12-2 - Switch to using portable binaries built on RHEL 7 - Sync the copy of the portable specfile with the RHEL 7 version - Related: RHEL-12997 1:21.0.1.0.12-1 - Update to jdk-21.0.1.0+12 GA - Update release notes to 21.0.1.0+12 - Sync th...

The vulnerability of the Windows operating system’s Search service allows a perpetrator to escalate their privileges.

The vulnerability of the Windows operating system’s Search service is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the Windows operating system’s kernel allows attackers to enhance their privileges.

The vulnerability of the Windows operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the ide_dma_cb() function in the QEMU hardware emulation software allows a attacker to gain access to read, modify, or delete data, or to cause a service failure.

The vulnerability of the idedmacb function in the QEMU hardware emulation software is related to synchronization errors when processing the DRQSTAT parameter. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data, or cause a service failure...

kernel: drm/amdkfd: Add sync after creating vram bo

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initialization is not complete and application is writting on the memory. Adding sync to wait for the initialization...

kernel: drm/amdkfd: fix potential kgd_mem UAFs

A flaw was found in the Linux kernel related to improper synchronization in a filesystem allocation path. Under certain conditions, concurrent operations may access and modify shared kernel data structures without adequate locking. This race condition can result in inconsistent internal state,...

kernel: net/mlx5e: Fix deadlock in tc route query code

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlock in tc route query code Cited commit causes ABBA deadlock0 when peer flows are created while holding the devcom rw semaphore. Due to peer flows offload implementation the lock is taken much higher up the ca...

Intel Unison Security Vulnerability

Intel Unison is an application from Intel Corporation USA used to synchronize various data before PCs and smartphones. A security vulnerability exists in Intel Unison software. An attacker exploiting this vulnerability could cause elevation of privilege, information disclosure, or denial of servi...