CVE-2024-33060

CVE-2024-33060 is a use-after-free race in Qualcomm’s DSP/adsprpc driver (fastrpc_mmap) that can occur when global and local mappings are concurrently created and freed. The vulnerability centers on fastrpc_mmap_create, fastrpc_mmap_add, and related epilogue paths (mem_map_to_dsp, munmap/mmap_fre...

CVE-2024-33060 Use After Free in DSP Service

Memory corruption when two threads try to map and unmap a single node simultaneously...

CVE-2024-33060 Use After Free in DSP Service

Memory corruption when two threads try to map and unmap a single node simultaneously...

IBM Lotus Notes Sametime Room Name Bruteforce

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'enumerable' class MetasploitModule 'IBM Lotus Notes Sametime Room Name Bruteforce', 'Description' = %q This module bruteforces Sametime meeting room names via t...

IBM Lotus Notes Sametime User Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'enumerable' class MetasploitModule 'IBM Lotus Notes Sametime User Enumeration', 'Description' = %q This module extracts usernames using the IBM Lotus Notes...

Malicious code in noblox.js-threads (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff6e7081bd0620aa9d7475eb55589362075317d25dceecf4c6df7ce2230ce28e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8086 Malicious code in noblox.js-threads (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff6e7081bd0620aa9d7475eb55589362075317d25dceecf4c6df7ce2230ce28e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE CVE-2024-27267

The Object Request Broker ORB in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads...

riscv: prevent pt_regs corruption for secondary idle threads

...

CVE-2024-27267 IBM SDK, Java Technology Edition denial of service

The Object Request Broker ORB in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads...

CVE-2024-27267 IBM SDK, Java Technology Edition denial of service

The Object Request Broker ORB in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads...

PT-2024-21783 · Ibm +3 · Ibm Sdk +4

Name of the Vulnerable Software and Affected Versions: IBM SDK, Java Technology Edition versions 7.1.0.0 through 7.1.5.18 IBM SDK, Java Technology Edition versions 8.0.0.0 through 8.0.8.26 Description: The Object Request Broker ORB in IBM SDK, Java Technology Edition is vulnerable to remote denia...

kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

A vulnerability was found in the dotaskstat function in the Linux kernel, where due to excessive lock contention, a potential hard lockup could be created. This can create a performance bottleneck and lead to kernel unresponsiveness...

SUSE CVE-2024-42245

In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.maxloop if all tasks examined to...

CVE-2024-42245

In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.maxloop if all tasks examined to...

CVE-2024-39510 cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefilesondemanddaemonread We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN:...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a potential data contention issue in the iouring/io-wq component when handling worker threads...

This Week in Spring - July 9th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's been! We've got a lot to get into, so let's dive right in. I quite liked this talk, Continuations: The magic behind virtual threads in Java by Balkrishna Rawool @ Spring I/O 2024 In last week's episode of...

Exploit for Path Traversal in Splunk

CVE-2024-36991: Path traversal that affects Splunk Enterprise...

This Week in Spring - July 2nd, 2024

Hi, spring fans! Welcome to another amazing installment of This Week in Spring! In last week's installment of A Bootiful Podcast, recorded a few weeks ago at Spring IO, I talked with Spring Security legend Laur Spilca In last week's installment of Spring Tips, I looked at a number of ways you cou...