2560 matches found
PT-2025-8531 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A data-race issue exists in the Linux kernel related to sysctl_tcp_mtu_probing. This issue occurs because the value of sysctl_tcp_mtu_probing can be changed concurrently while it is...
PT-2025-8519 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A data-race issue exists around sysctl_tcp_fastopen in the Linux kernel. The value of sysctl_tcp_fastopen can be changed concurrently while it is being read, which requires the use of...
PT-2025-26012 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the block layer and the blk-rq-qos framework. The issue occurs when the io.cost.qos file is written by two CPUs...
PT-2025-8513 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A data-race issue exists around sysctl_fib_multipath_use_neigh. The value of sysctl_fib_multipath_use_neigh can be changed concurrently while it is being read, which requires the use o...
PT-2025-8532 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A data-race issue exists in the Linux kernel related to the sysctl_tcp_l3mdev_accept variable. This issue occurs because the variable can be changed concurrently while being read, whic...
UBUNTU-CVE-2023-31141
OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not...
Siemens SCALANCE XCM332 Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2022-1729)
A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives such as kernel address information leak, arbitrary execution, etc. This plugin only works with Tenable.ot. Please...
Siemens TIM 4R-IE Devices Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2016-4954)
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication...
PT-2025-53177
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists in the qedi driver within the Linux kernel. The issue occurs in the qedi_remove function, potentially triggered by concurrent execution of qedi recovery...
DEBIAN-CVE-2023-29132
Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line...
CVE-2023-29132
Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line...
Siemens SCALANCE W1750D Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2021-25158)
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant...
RUSTSEC-2023-0031 Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
`Once::try_call_once` is unsound if invoked more than once concurrently and any call fails to initialise successfully...
Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
`Once::try_call_once` is unsound if invoked more than once concurrently and any call fails to initialise successfully...
Session Fixation Vulnerability
Description: It was noticed that the easyappointments application is vulnerable to a Session Fixation vulnerability. The application does not generate a new ea_session cookie after the user authenticates successfully into the application. A malicious user is able to create a new session cookie value a...
Exploit for Improper Access Control in Joomla Joomla!
CVE-2023-23752 Introduction Open-source, Go-based multi-conc...
Siemens SCALANCE X-200RNA Switch Devices Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2018-15473)
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. - OpenSSH through 7.7 is prone to a...
SUSE CVE-2005-2534
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate...
SUSE CVE-2005-3510
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files...
SUSE CVE-2010-0172
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorizati...