2562 matches found
SUSE CVE-2005-3510
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service CPU consumption via a large number of simultaneous requests to list a web directory that has a large number of files...
SUSE CVE-2010-0172
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorizati...
SUSE CVE-2011-1486
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service crash by causing multiple threads to report errors at the same time...
SUSE CVE-2016-2774
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service INSIST assertion failure or request-processing outage by establishing many sessions...
SUSE CVE-2016-5242
The p2mteardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service NULL pointer dereference and host OS crash by creating concurrent domains and holding references to them, related to VMID exhaustion...
SUSE CVE-2016-8745
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn...
SUSE CVE-2017-10913
The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1...
SUSE CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...
SUSE CVE-2018-10902
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc double free in sndrawmidiinputparams and sndrawmidioutputstatus which are part of sndrawmidiioctl handler in rawmidi.c file. A malicious local attacker could possibly use this f...
SUSE CVE-2018-19364
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to for example a use-after-free outcome...
SUSE CVE-2019-17185
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BNCTX instance to handle all handshakes. This mean multiple threads use the same BNCTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a...
SUSE CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...
SUSE CVE-2020-15586
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...
SUSE CVE-2020-35513
A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...
SUSE CVE-2021-22897
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...
SUSE CVE-2022-22677
A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call...
SUSE CVE-2022-40960
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2023-0739
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' in GitHub repository answerdev/answer prior to 1.0.4...
CVE-2023-0739 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in answerdev/answer
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' in GitHub repository answerdev/answer prior to 1.0.4...
PT-2023-16492 · Answerdev · Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.4 Description: The issue is related to a Race Condition, which occurs due to concurrent execution using a shared resource with improper synchronization. This problem is identified in the GitHub repositor...