2575 matches found
CVE-2022-1419
The root cause of this vulnerability is that the ioctl$DRMIOCTLMODEDESTROYDUMB can decrease refcount of drmvgemgemobject created in vgemgemdumbcreate concurrently, and vgemgemdumbcreate will access the freed drmvgemgemobject...
CVE-2022-1419
The root cause of this vulnerability is that the ioctl$DRMIOCTLMODEDESTROYDUMB can decrease refcount of drmvgemgemobject created in vgemgemdumbcreate concurrently, and vgemgemdumbcreate will access the freed drmvgemgemobject...
Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or ...
GHSA-HW4G-FHCP-X5MQ Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or ...
GHSA-4644-HG35-55M9 Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread...
Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread...
hudson.plugins.concurrent_login:concurrent-login-plugin (>=0.5 <=0.7), org.jenkins-ci.main:jenkins-test-harness (=1.513) +4 more potentially affected by CVE-2013-2034 via org.jenkins-ci.main:jenkins-core (=1.513)
org.jenkins-ci.main:jenkins-core MAVEN version =1.513 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.main:jenkins-core and may be impacted: - hudson.plugins.concurrentlogin:concurrent-login-plugin =0.5, =0.7 -...
GHSA-37M3-QP37-X3C6 Apache Geode gfsh query vulnerability
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...
PT-2022-7558 · Unknown +6 · Wpe Webkit +6
Name of the Vulnerable Software and Affected Versions: WPE WebKit versions prior to 2.36.4 WebKitGTK versions prior to 2.36.4 Description: The issue is related to errors in resource release, allowing a remote attacker to impact data integrity. It involves a logic problem in handling concurrent...
hudson.plugins.concurrent_login:concurrent-login-plugin (>=0.5 <=0.7), org.jenkins-ci.main:jenkins-test-harness (=1.513) +4 more potentially affected by CVE-2013-2033 via org.jenkins-ci.main:jenkins-core (=1.513)
org.jenkins-ci.main:jenkins-core MAVEN version =1.513 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.main:jenkins-core and may be impacted: - hudson.plugins.concurrentlogin:concurrent-login-plugin =0.5, =0.7 -...
GHSA-W3J5-Q8F2-3CQQ Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn...
Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn...
CVE-2022-25762
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...
DEBIAN-CVE-2022-25762
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...
CVE-2022-25762 Response mix-up with WebSocket concurrent send and close
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...
GHSA-VPQM-88C4-X4CV Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; wh...
Important: Red Hat Security Advisory: subversion:1.10 security update
An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
CVE-2022-22798
Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp...
Microsoft Windows Push Notifications Elevation of Privilege Vulnerability
Microsoft Windows Push Notifications is a push notification service from Microsoft Corporation USA. It provides a reliable way to deliver new updates.Microsoft Windows Push Notifications suffers from an elevation of privilege vulnerability. The vulnerability stems from improper handling of...
Microsoft Windows Digital Media Receiver Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Windows Digital Media Receiver, a desktop operating system from Microsoft Corporation. The vulnerability stems from improper handling of concurrent access when concurrent code needs mutually exclusive access to shared resources during th...