[SECURITY] Fedora 34 Update: glib2-2.67.6-2.fc34

GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system...

ExpressionEngine: Arbitrary forum topic close with GET CSRF.

The vulnerability allowed attackers to open or close forum threads by exploiting the lack of CSRF protection...

MyBB Trending Widget 1.2 Cross Site Scripting

Exploit Title: MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting Date: 11/28/2018 Author: 0xB9 Software Link: https://github.com/zainali99/trends-widget Version: 1.2 Tested on: Windows 10 1. Description: This plugin shows the most trending threads. Trending thread titles aren't sanitized to...

MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting

Exploit Title: MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting Date: 11/28/2018 Author: 0xB9 Software Link: https://github.com/zainali99/trends-widget Version: 1.2 Tested on: Windows 10 1. Description: This plugin shows the most trending threads. Trending thread titles aren't sanitized to...

Rust 安全漏洞

Rust, a general-purpose, compiled programming language from the Mozilla Foundation, was previously vulnerable in version 0.5.1. The vulnerability stems from the fact that programs can send non-send types to other threads, which can be exploited by attackers to potentially cause data contention an...

January 12, 2021-KB4597247 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016

January 12, 2021-KB4597247 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016 Release Date: January 12, 2021 Version: .NET Framework 4.8 Summary WPF1| - Addressed an issue with a FailFast crash arising in apps with two threads that both load...

CVE-2020-35886

An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race...

RUSTSEC-2020-0143 Queues allow non-Send types to be sent to other threads, allowing data races

Affected versions of this crate unconditionally implemented Send for types used in queue implementations InnerSend, InnerRecv, FutInnerSend, FutInnerRecv. This allows users to send non-Send types to other threads, which can lead to data race bugs or other undefined behavior...

Queues allow non-Send types to be sent to other threads, allowing data races

Affected versions of this crate unconditionally implemented Send for types used in queue implementations InnerSend, InnerRecv, FutInnerSend, FutInnerRecv. This allows users to send non-Send types to other threads, which can lead to data race bugs or other undefined behavior. The flaw was correcte...

RUSTSEC-2020-0098 UsbContext trait did not require implementers to be Send and Sync.

Affected versions of rusb did not require UsbContext to implement Send and Sync. However, through Device and DeviceHandle it is possible to use UsbContexts across threads. This issue allows non-thread safe UsbContext types to be used concurrently leading to data races and memory corruption. The...

RUSTSEC-2020-0152 ImmediateIO and TransactionalIO can cause data races

The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types regardless of if the Expander itself is safe to use across threads. As the IO types allow retrieving the Expander, this can lead to non-thread safe types being sent across threads as part of the Expander...

RUSTSEC-2020-0129 ShmWriter allows sending non-Send type across threads

Affected versions of this crate implement Send for ShmWriter without requiring H: Send. This allows users to send H: !Send to other threads, which can potentially lead to data races and undefined behavior...

ImmediateIO and TransactionalIO can cause data races

The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types regardless of if the Expander itself is safe to use across threads. As the IO types allow retrieving the Expander, this can lead to non-thread safe types being sent across threads as part of the Expander...

ShmWriter allows sending non-Send type across threads

Affected versions of this crate implement Send for ShmWriter without requiring H: Send. This allows users to send H: !Send to other threads, which can potentially lead to data races and undefined behavior...

SyncRef's clone() and debug() allow data races

Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone & T::fmt. It is possible to create da...

Multiple soundness issues in `Ptr`

Affected versions of this crate have the following issues: 1. Ptr implements Send and Sync for all types, this can lead to data races by sending non-thread safe types across threads. 2. Ptr::get violates mutable alias rules by returning multiple mutable references to the same object. 3. Ptr::writ...

The vulnerability of the do_madvise function (mm/madvise.c) in Linux operating system kernels allows a attacker to cause a service failure.

The vulnerability of the domadvise function in the Linux operating system’s kernel is related to errors during the execution of multi-threaded tasks race conditions. Exploiting this vulnerability can allow an attacker to cause service failures...

RUSTSEC-2020-0087 TryMutex<T> allows sending non-Send type across threads

Affected versions of this crate unconditionally implemented Sync trait for TryMutex type. This allows users to put non-Send T type in TryMutex and send it to another thread, which can cause a data race. The flaw was corrected in the 0.3.0 release by adding T: Send bound for the Sync trait...

RUSTSEC-2020-0119 ReadTicket and WriteTicket should only be sendable when T is Send

Affected versions of this crate unconditionally implemented Send for ReadTicket & WriteTicket. This allows to send non-Send T to other threads. This can allows creating data races by cloning types with internal mutability and sending them to other threads as T of ReadTicket/WriteTicket. Such data...

Generators can cause data races if non-Send types are used in their generator functions

The Generator type is an iterable which uses a generator function that yields values. In affected versions of the crate, the provided function yielding values had no Send bounds despite the Generator itself implementing Send. The generator function lacking a Send bound means that types that are...