
135 matches found

CVE
added 2025/02/26 2:13 a.m., 80 views

CVE-2022-49506

The CVE-2022-49506 issue affects the Linux kernel DRM/Mediatek path, where a race between the vblank callback registration and disabling vblank could yield NULL callback data in the ovl IRQ path, risking kernel panic. The documented fix adds a vblank callback registration flow: register callback ...

5.5 CVSS, 5.2 AI score, 0.0024 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2025/02/26 2:13 a.m., 10 views

CVE-2022-49506 drm/mediatek: Add vblank register/unregister callback functions

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add vblank register/unregister callback functions We encountered a kernel panic issue that callback data will be NULL when it's using in ovl irq handler. There is a timing issue between mtk_disp_ovl_irq_handler and...

5.5 CVSS, 5.1 AI score, 0.0024 EPSS
Exploits 0, References 7
AstraLinux
added 2025/02/11 7:35 a.m., 2 views

Astra Linux - vulnerability in curl

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

6.5 CVSS, 6.9 AI score, 0.0197 EPSS
Exploits 1, References 3
Positive Technologies
added 2025/01/18 12:0 a.m., 4 views

PT-2025-9007

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel's hrtimers infrastructure allows wakeups to be performed by an outgoing CPU after the CPUHP_AP_HRTIMERS_DYING stage, potentially resulting in bandwidt...

5.5 CVSS, 7.2 AI score, 0.00188 EPSS
Exploits 0
OSV
added 2024/11/22 2:23 p.m., 3 views

OESA-2024-2472 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later th...

6.5 CVSS, 7 AI score, 0.0197 EPSS
Exploits 1, References 2
SUSE CVE
added 2024/11/15 4:1 a.m., 1 views

SUSE CVE-2024-31074

Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access...

5.9 CVSS, 6.3 AI score, 0.00509 EPSS
Exploits 0, References 6
IBM Security Bulletins
added 2024/10/07 10:28 p.m., 25 views

Security Bulletin: A vulnerability in Bouncy Castle affects IBM Robotic Process Automation which could allow an attacker to obtain sensitive information (CVE-2020-15522).

Summary A vulnerability in Bouncy Castle affects IBM Robotic Process Automation which could allow an attacker to obtain sensitive information. IBM Robotic Process Automation uses Bouncy Castle for encryption. This bulletin identifies the security fixes to apply to address the vulnerability...

5.9 CVSS, 6.2 AI score, 0.01522 EPSS
Exploits 0, Affected Software 1
Packet Storm
added 2024/08/31 12:0 a.m., 281 views

Jenkins cli Ampersand Replacement Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins cli Ampersand Replacement Arbitrary File Read', 'Description' = %q This module utilizes the Jenkins cli protocol to run the help command...

9.8 CVSS, 7.2 AI score, 0.99999 EPSS
Exploits 45
Veracode
added 2024/08/16 9:54 a.m., 9 views

Race Condition

github.com/cilium/cilium is vulnerable to a Race Condition. The vulnerability is due to a timing issue in the Cilium agent's label processing logic, potentially causing it to overlook node labels. An attacker could potentially exploit this by crafting malicious network traffic that would normally...

6.8 CVSS, 6.4 AI score, 0.005 EPSS
Exploits 0, References 3, Affected Software 1
Tenable Nessus
added 2024/07/10 12:0 a.m., 13 views

Juniper Junos OS Vulnerability (JSA83014)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA83014 advisory. - A Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability the Routing Protocol Daemon rpd of Juniper Networks Junos OS and...

8.2 CVSS, 5.6 AI score, 0.00366 EPSS
Exploits 0, References 2
RedHat Linux
added 2024/06/20 6:52 a.m., 4 views

Mozilla: Use-after-free in JavaScript object transplant

The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant...

8.1 CVSS, 7.3 AI score, 0.0107 EPSS
Exploits 1, References 6
RedHat Linux
added 2024/06/17 1:21 p.m., 3 views

Mozilla: Use-after-free in JavaScript object transplant

The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant...

8.1 CVSS, 7.3 AI score, 0.0107 EPSS
Exploits 1, References 6
OSV
added 2024/03/25 9:15 a.m., 7 views

CVE-2021-47139

In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this case,...

5.5 CVSS, 5.2 AI score
Exploits 0, References 3
CVE
added 2024/03/25 9:7 a.m., 80 views

CVE-2021-47139

CVE-2021-47139 affects the Linux kernel hns3 driver. A race occurs because the netdevice is registered before client initialization completes, creating a window where changes to channels or rx CPU map can trigger hns3_set_rx_cpu_rmap() twice, leading to a crash (BUG at lib/cpu_rmap.c). The fix, a...

5.5 CVSS, 6.5 AI score, 0.00225 EPSS
Exploits 0, References 3, Affected Software 1
SUSE CVE
added 2024/01/25 2:48 a.m., 3 views

SUSE CVE-2024-0742

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...

4.3 CVSS, 6.2 AI score, 0.00596 EPSS
Exploits 0, References 8
OSV
added 2023/12/19 2:15 p.m., 1 views

DEBIAN-CVE-2023-6867

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerabili...

6.1 CVSS, 6.7 AI score, 0.00683 EPSS
Exploits 0, References 1
Prion
added 2023/11/22 5:15 p.m., 16 views

Design/Logic Flaw

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...

1 CVSS, 7.1 AI score, 0.00172 EPSS
Exploits 0, References 1, Affected Software 2
Cvelist
added 2023/11/22 5:9 p.m., 20 views

CVE-2023-20084

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...

5 CVSS, 5.4 AI score, 0.00172 EPSS
Exploits 0, References 1
CVE
added 2023/11/22 5:9 p.m., 62 views

CVE-2023-20084

CVE-2023-20084 affects Cisco Secure Endpoint for Windows. A timing issue between software components can let a local, authenticated attacker coerce a user to place a malicious file in a folder and run it within a narrow window, causing the endpoint to fail to quarantine the file or terminate the ...

5 CVSS, 4.8 AI score, 0.00172 EPSS
Exploits 0, References 1, Affected Software 1
Cisco
added 2023/11/15 4:0 p.m., 35 views

Cisco Secure Endpoint for Windows Scanning Evasion Vulnerability

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...

5 CVSS, 4.9 AI score, 0.00172 EPSS
Exploits 0, References 1