MediaTek 芯片竞争条件问题漏洞

MediaTek Inc. is the world's fourth largest fab-based semiconductor company and a leader in the markets of mobile terminals, smart home applications, wireless connectivity and Internet of Things IoT products, with approximately 1.5 billion units of end products with built-in MediaTek chips hittin...

GSD-2022-1002856 btrfs: fix deadlock between concurrent dio writes when low on free data space

btrfs: fix deadlock between concurrent dio writes when low on free data space This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...

RLSA-2022:4941 Important: subversion:1.14 security update

Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fixes: subversion: Subversion's moddavsvn is vulnerable to memory corruption...

CVE-2022-1419

The root cause of this vulnerability is that the ioctl$DRMIOCTLMODEDESTROYDUMB can decrease refcount of drmvgemgemobject created in vgemgemdumbcreate concurrently, and vgemgemdumbcreate will access the freed drmvgemgemobject...

CVE-2022-1419

The root cause of this vulnerability is that the ioctl$DRMIOCTLMODEDESTROYDUMB can decrease refcount of drmvgemgemobject created in vgemgemdumbcreate concurrently, and vgemgemdumbcreate will access the freed drmvgemgemobject...

Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or ...

GHSA-HW4G-FHCP-X5MQ Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or ...

GHSA-4644-HG35-55M9 Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread...

Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread...

hudson.plugins.concurrent_login:concurrent-login-plugin (>=0.5 <=0.7), org.jenkins-ci.main:jenkins-test-harness (=1.513) +4 more potentially affected by CVE-2013-2034 via org.jenkins-ci.main:jenkins-core (=1.513)

org.jenkins-ci.main:jenkins-core MAVEN version =1.513 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.main:jenkins-core and may be impacted: - hudson.plugins.concurrentlogin:concurrent-login-plugin =0.5, =0.7 -...

GHSA-37M3-QP37-X3C6 Apache Geode gfsh query vulnerability

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...

PT-2022-7558 · Unknown +6 · Wpe Webkit +6

Name of the Vulnerable Software and Affected Versions: WPE WebKit versions prior to 2.36.4 WebKitGTK versions prior to 2.36.4 Description: The issue is related to errors in resource release, allowing a remote attacker to impact data integrity. It involves a logic problem in handling concurrent...

hudson.plugins.concurrent_login:concurrent-login-plugin (>=0.5 <=0.7), org.jenkins-ci.main:jenkins-test-harness (=1.513) +4 more potentially affected by CVE-2013-2033 via org.jenkins-ci.main:jenkins-core (=1.513)

org.jenkins-ci.main:jenkins-core MAVEN version =1.513 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.main:jenkins-core and may be impacted: - hudson.plugins.concurrentlogin:concurrent-login-plugin =0.5, =0.7 -...

Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn...

GHSA-W3J5-Q8F2-3CQQ Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn...

CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

DEBIAN-CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

CVE-2022-25762 Response mix-up with WebSocket concurrent send and close

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

GHSA-VPQM-88C4-X4CV Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; wh...

Important: Red Hat Security Advisory: subversion:1.10 security update

An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...