
2557 matches found

OSV
added 2022/04/24 8:47 p.m. · 5 views

GSD-2022-1001119 ubifs: Fix deadlock in concurrent rename whiteout and inode writeback

ubifs: Fix deadlock in concurrent rename whiteout and inode writeback This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...

7.2 AI score
Exploits: 0
CNNVD
added 2022/04/13 12:0 a.m. · 4 views

Cisco Iox race condition vulnerability

Cisco Iox is a secure development environment from Cisco that combines Cisco IOS and Linux OS for secure network connectivity and development of IOT applications. The Cisco Iox application hosting environment is vulnerable to a contention condition issue, which stems from a contention condition f...

7.6 CVSS · 5.8 AI score · 0.01204 EPSS
Exploits: 1 · References: 5
OSV
added 2022/03/25 7:15 p.m. · 2 views

UBUNTU-CVE-2022-0897

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver-nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver-nwfilters object. This fl...

4.3 CVSS · 6.6 AI score · 0.01024 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2022/03/17 4:30 p.m. · 4 views

kernel: fget: check that the fd still exists after getting a ref to it

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...

7 CVSS · 6.6 AI score · 0.00313 EPSS
Exploits: 0 · References: 5
OSV
added 2022/03/15 9:12 a.m. · 10 views

ALBA-2022:0898 lvm2 bug fix and enhancement update

The lvm2 packages include complete support for handling read and write operations on physical volumes, creating volume groups from one or more physical volumes, and creating one or more logical volumes in volume groups. Bug Fixes and Enhancements: Multiple concurrent lv refreshes fail BZ2040514...

7 AI score
Exploits: 0
AlmaLinux
added 2022/03/15 9:12 a.m. · 19 views

lvm2 bug fix and enhancement update

The lvm2 packages include complete support for handling read and write operations on physical volumes, creating volume groups from one or more physical volumes, and creating one or more logical volumes in volume groups. Bug Fixes and Enhancements: Multiple concurrent lv refreshes fail BZ2040514...

0.2 AI score
Exploits: 0
OSV
added 2022/02/28 3:51 p.m. · 6 views

SUSE-SU-2022:0593-1 Security update for SUSE Manager Server 4.2

This update fixes the following issues: c3p0: - Build with log4j mapper dhcpd-formula: - Update to version 0.1.1641480250.d5bd14c make routers option optional hibernate5: - Fix potential SQL injection CVE-2020-25638 bsc1193832 mgr-libmod: - Version 4.2.7-1 require python macros for building...

7.4 CVSS · 8.2 AI score · 0.02907 EPSS
Exploits: 0 · References: 32
OSV
added 2022/02/27 3:34 a.m. · 7 views

GSD-2022-1000637 net: ipa: prevent concurrent replenish

net: ipa: prevent concurrent replenish This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.6 by commit 62600b0fbc6e69adfec2fca0fb6c69d10b72204...

7.2 AI score
Exploits: 0
OSV
added 2022/02/27 3:27 a.m. · 9 views

GSD-2022-1000582 RDMA/ucma: Protect mc during concurrent multicast leaves

RDMA/ucma: Protect mc during concurrent multicast leaves This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.22 by commit...

7.2 AI score
Exploits: 0
Positive Technologies
added 2022/02/24 12:0 a.m. · 4 views

PT-2022-7485 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to a lack of locking in the rndis response list, which could cause list corruption if two different list add operations occur at the same time. This issue...

8.4 CVSS · 7 AI score · 0.0193 EPSS
Exploits: 14 · References: 1828
OSV
added 2022/02/18 9:55 p.m. · 16 views

GSD-2022-1000206 net: ipa: prevent concurrent replenish

net: ipa: prevent concurrent replenish This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.97 by commit...

7.2 AI score
Exploits: 0
Debian CVE
added 2022/02/15 6:20 p.m. · 33 views

CVE-2022-23639

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. However, the alignment of {i,u}64 on a...

8.1 CVSS · 8 AI score · 0.0122 EPSS
Exploits: 1
OSV
added 2022/02/15 6:20 p.m. · 29 views

CVE-2022-23639 Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. However, the alignment of {i,u}64 on a...

8.1 CVSS · 7.9 AI score · 0.0122 EPSS
Exploits: 1 · References: 5
OSV
added 2022/02/09 11:3 p.m. · 1 views

GHSA-F268-65QC-98VG Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

4.3 CVSS · 6.9 AI score · 0.57286 EPSS
Exploits: 0 · References: 11
OSV
added 2022/01/28 9:15 p.m. · 14 views

CVE-2022-23889

The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...

5.3 CVSS · 6.8 AI score
Exploits: 0 · References: 1
NVD
added 2022/01/28 9:15 p.m. · 22 views

CVE-2022-23889

The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...

5.3 CVSS · 0.01082 EPSS
Exploits: 1 · References: 1
ATTACKERKB
added 2022/01/28 9:15 p.m. · 4 views

CVE-2022-23889

The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...

5.3 CVSS · 6 AI score · 0.01082 EPSS
Exploits: 1 · References: 2
Prion
added 2022/01/28 9:15 p.m. · 16 views

Code injection

The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...

5 CVSS · 5.3 AI score · 0.01082 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2022/01/28 8:45 p.m. · 56 views

CVE-2022-23889

The CVE-2022-23889 entry concerns YzmCMS v6.3 where the comment function can be operated concurrently, enabling an attacker to generate an unusually large number of comments. The core issue is a race/concurrency condition in the comment handling code, leading to potential resource exhaustion or i...

5.3 CVSS · 5.2 AI score · 0.01082 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2022/01/28 12:0 a.m. · 3 views

YzmCMS security vulnerability

Yzmcms is an open source CMS content management system for Yzmcms individual developers. An uncontrolled recursive vulnerability exists in YzmCMS v6.3, which stems from the fact that the comment function can operate concurrently and an attacker can use this vulnerability to create an unusually...

5.3 CVSS · 5.6 AI score · 0.01082 EPSS
Exploits: 1 · References: 2