3901 matches found

Positive Technologies
added 2025/11/24 12:0 a.m., 2 views

PT-2025-47939

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the Bluetooth implementation related to mesh synchronization and completion. Specifically, a stack-out-of-bounds issue exists in the set mesh sync...

AI score 5.5, EPSS 0.00544
Exploits 3, References 396
CVE
added 2025/11/21 10:19 p.m., 573 views

CVE-2025-11933

CVE-2025-11933 describes an issue in wolfSSL up to version 5.8.2 where improper input validation in the TLS 1.3 CKS extension parsing can allow a remote unauthenticated attacker to cause a denial‑of‑service with a crafted ClientHello containing duplicate CKS extensions. Affected software is wolfS...

CVSS 6.5, AI score 6.5, EPSS 0.00387
Exploits 0, References 2, Affected Software 1
NVD
added 2025/11/21 3:15 p.m., 7 views

CVE-2025-41115

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...

CVSS 10, EPSS 0.1701
Exploits 1, References 1
Grafana
added 2025/11/19 12:0 a.m., 6 views

Incorrect privilege assignment

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...

CVSS 10, AI score 6, EPSS 0.1701
Exploits 1
CNNVD
added 2025/11/18 12:0 a.m., 4 views

Rsync Security Vulnerability

Rsync is a fast and versatile file copying tool open-sourced by RsyncProject. It is used for remote files and local files. A security vulnerability exists in Rsync that stems from an out-of-bounds read of the heap buffer due to a negative array index, which could lead to information disclosure...

CVSS 4.3, AI score 6.2, EPSS 0.00283
Exploits 0, References 5
CNVD
added 2025/11/18 12:0 a.m., 5 views

Google Chrome on iOS Internals Post-Release Reuse Vulnerability

Google Chrome on iOS is a mobile browser designed by Google for Apple cell phone users, supporting cross-device synchronization, multi-tab browsing, voice search and other features to provide a smooth web browsing experience. Google Chrome on iOS suffers from an Internals reuse-after-release...

CVSS 7.5, AI score 6.5, EPSS 0.00197
Exploits 1, References 1
Tenable Nessus
added 2025/11/18 12:0 a.m., 2 views

Siemens SCALANCE and RUGGEDCOM Devices Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CVE-2024-40943)

ocfs2: fix races between hole punching and AIO+DIO. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504517; scriptversion"1.2";...

CVSS 4.7, AI score 6.7, EPSS 0.00185
Exploits 0, References 4
Tenable Nessus
added 2025/11/18 12:0 a.m., 2 views

Siemens SCALANCE and RUGGEDCOM Devices Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CVE-2024-42232)

libceph: fix race between delayed_work and ceph_monc_stop. The way the delayed work is handled in ceph_monc_stop is prone to races with mon_fault and possibly also finish_hunting. Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after...

CVSS 5.5, AI score 6.9, EPSS 0.00226
Exploits 0, References 4
Microsoft CVE
added 2025/11/14 9:2 a.m., 3 views

kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths

...

CVSS 7.1, AI score 7, EPSS 0.00162
Exploits 0
RedhatCVE
added 2025/11/13 1:24 p.m., 3 views

CVE-2025-40130

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling. The cpu_latency_qos_add/remove/update_request interfaces lack internal synchronization by design, requiring the caller to ensure thread safety. The current...

CVSS 6.8, AI score 5.5, EPSS 0.00162
Exploits 0, References 4
Microsoft CVE
added 2025/11/13 9:2 a.m., 5 views

tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

...

CVSS 7.8, AI score 7, EPSS 0.00139
Exploits 0
Tenable Nessus
added 2025/11/13 12:0 a.m., 3 views

Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization (CVE-2024-26671)

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

CVSS 4.7, AI score 6.3, EPSS 0.00186
Exploits 0, References 6
Redos
added 2025/11/13 12:0 a.m., 2 views

ROS-20251113-05

A vulnerability in the NVIDIA display driver is related to a synchronization issue. Exploitation of the vulnerability could allow an attacker to execute arbitrary code, escalate privileges, cause a denial of service, and disclose sensitive information. A vulnerability in the NVIDIA display driver ...

CVSS 8.2, AI score 7.5, EPSS 0.00224
Exploits 0
Tenable Nessus
added 2025/11/13 12:0 a.m., 3 views

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-21712)

md/md-bitmap: vulnerability caused by bitmap_get_stats can be called even if the bitmap is destroyed or not fully initialized, leading to a kernel crash, which is fixed by synchronizing bitmap_get_stats with bitmap_info.mutex. This plugin only works with Tenable.ot. Please visit...

CVSS 5.5, AI score 6.8, EPSS 0.00188
Exploits 0, References 4
Tenable Nessus
added 2025/11/13 12:0 a.m., 4 views

Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization (CVE-2024-26645)

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

CVSS 5.5, AI score 6.3, EPSS 0.00242
Exploits 0, References 6
Metasploit
added 2025/11/12 6:56 p.m., 757 views

Windows Server Update Service Deserialization Remote Code Execution

This module exploits deserialization vulnerability in legacy serialization mechanism in Windows Server Update Services WSUS. The vulnerability allows unauthenticated attacker to create specially crafted event, which triggers unsafe deserialization upon server synchronization. The module does not...

CVSS 9.8, AI score 7.4, EPSS 0.99962
Exploits 24
RedhatCVE
added 2025/11/12 6:1 p.m., 2 views

CVE-2025-60723

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows DirectX allows an authorized attacker to deny service over a network...

CVSS 6.3, AI score 5.5, EPSS 0.0077
Exploits 0, References 1
RedhatCVE
added 2025/11/12 6:1 p.m., 2 views

CVE-2025-59508

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Speech allows an authorized attacker to elevate privileges locally...

CVSS 7, AI score 5.5, EPSS 0.00237
Exploits 0, References 1
RedhatCVE
added 2025/11/12 6:1 p.m., 3 views

CVE-2025-62215

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Kernel allows an authorized attacker to elevate privileges locally...

CVSS 7, AI score 5.9, EPSS 0.061
Exploits 6, References 1
EUVD
added 2025/11/12 12:30 p.m., 3 views

EUVD-2025-124943

In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast. syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb. This is the sequence of events that leads to the warning: rtl8150_start_xmit netif_stop_queue;...

AI score 5.8, EPSS 0.00184
Exploits 0, References 9