2556 matches found

CNNVD
added 2021/03/10 12:0 a.m. · 5 views

Netgear NETGEAR JGS516PE Resource Management Error Vulnerability

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A denial of service vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the TFTP server not being able to handle multiple connections. An attacker could exploit the...

CVSS 6.5 · AI score 5.7 · EPSS 0.00623
Exploits 0 · References 2

OpenVAS
added 2021/02/20 12:0 a.m. · 19 views

Fedora: Security Advisory for subversion (FEDORA-2021-16e51e39a6)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 · AI score 7.5 · EPSS 0.37516
Exploits 1 · References 2

Rockylinux
added 2021/02/15 7:4 a.m. · 35 views

subversion:1.10 security update

An update is available for subversion, utf8proc, libserf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Subversion (SVN) is a concurrent version control system...

CVSS 7.5 · AI score 7.6 · EPSS 0.37516
Exploits 1

RedHat Linux
added 2021/02/11 1:51 p.m. · 2 views

tomcat: Apache Tomcat HTTP/2 Request mix-up

A flaw was found in Apache Tomcat. If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - fro...

CVSS 4.3 · AI score 7.1 · EPSS 0.57286
Exploits 0 · References 8

CNNVD
added 2021/01/05 12:0 a.m. · 4 views

Google Android Competitive Conditions Issue Vulnerability

Google Android is a Linux-based open source operating system from the US company Google and the Open Handheld Alliance. Google Android OS suffers from a competitive conditions issue vulnerability that arises from improper handling of concurrent access when concurrent code requires mutually exclusive access ...

CVSS 4.7 · AI score 6.3 · EPSS 0.00104
Exploits 0 · References 3

OSV
added 2020/12/22 12:0 p.m. · 15 views

RUSTSEC-2020-0101 conquer-once's OnceCell lacks Send bound for its Sync trait.

Affected versions of conquer-once implements Sync for its OnceCell type without restricting it to Sendable types. This allows non-Send but Sync types such as MutexGuard to be sent across threads leading to undefined behavior and memory corruption in concurrent programs. The issue was fixed by...

CVSS 7.8 · AI score 7.7 · EPSS 0.00426
Exploits 1 · References 3

Positive Technologies
added 2020/12/18 12:0 a.m. · 10 views

PT-2021-7780 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10 Description: An issue in the Linux kernel's netfilter component can cause a use-after-free in the packet processing context due to mishandled per-CPU sequence counts during concurrent iptables rules...

CVSS 9.8 · AI score 7.3 · EPSS 0.78684
Exploits 154 · References 909

RedHat Linux
added 2020/12/16 3:21 p.m. · 3 views

OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 8.3 · AI score 7.3 · EPSS 0.04029
Exploits 0 · References 4

Tenable Nessus
added 2020/12/09 12:0 a.m. · 43 views

SUSE SLES12 Security Update : glibc (SUSE-SU-2020:3024-1)

This update for glibc fixes the following issues: CVE-2020-10029: Fixed a stack corruption from range reduction of pseudo-zero (bsc1165784); Use posix_spawn on popen (bsc1149332, bsc1176013); Correct locking and cancellation cleanup in syslog functions (bsc1172085); Fixed concurrent changes on nscd aware...

CVSS 5.5 · AI score 6.7 · EPSS 0.00758
Exploits 1 · References 8

OSV
added 2020/12/08 12:0 p.m. · 23 views

RUSTSEC-2020-0118 Future<T> lacks bounds on Send and Sync.

tinyfuture contains a light-weight implementation of Futures. The Future type it has lacked bound on its Send and Sync traits. This allows for a bug where non-thread safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit c79191...

CVSS 8.1 · AI score 7.9 · EPSS 0.00766
Exploits 0 · References 3

RustSec
added 2020/12/08 12:0 p.m. · 30 views

Future<T> lacks bounds on Send and Sync.

tinyfuture contains a light-weight implementation of Futures. The Future type it has lacked bound on its Send and Sync traits. This allows for a bug where non-thread safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit c79191...

CVSS 8.1 · AI score 2.3 · EPSS 0.00766
Exploits 0 · Affected Software 1

CNVD
added 2020/12/07 12:0 a.m. · 1 views

Cloudbees Jenkins CVS Plugin Code Issue Vulnerability

CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A security vulnerability exists in...

CVSS 7.5 · AI score 7 · EPSS 0.01342
Exploits 0 · References 1

BDU FSTEC
added 2020/12/03 12:0 a.m. · 4 views

The vulnerability of the get_user_pages() function allows a hacker to trigger a service failure.

The vulnerability of the get_user_pages() function is related to errors during multi-threaded operations (race conditions). Exploiting this vulnerability could allow a hacker to cause service failures...

CVSS 3.6 · AI score 6.6 · EPSS 0.00399
Exploits 1 · References 30 · Affected Software 2

RedhatCVE
added 2020/12/02 6:47 p.m. · 24 views

CVE-2020-25827

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across...

CVSS 7.5 · AI score 2.2 · EPSS 0.01752
Exploits 1 · References 4

OpenVAS
added 2020/11/20 12:0 a.m. · 6 views

GaussDB Kernel: Setting the Maximum Number of Concurrent Connections to the Database

max_connections specifies the maximum concurrent connections to the database. Increasing the value of this parameter may cause GaussDB Kernel to request System V to share more memory or semaphore. If this occurs, the shared memory or semaphore will exceed the default value allowed by the OS. When...

AI score 7.2
Exploits 0

BDU FSTEC
added 2020/11/19 12:0 a.m. · 5 views

The vulnerability in the driver/xen/events/events_base.c component of Linux operating systems allows a hacker to cause a service failure.

The vulnerability of the drivers/xen/events/events_base.c component in Linux operating systems arises from the simultaneous execution using shared resources with incorrect synchronization. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 4.7 · AI score 6.6 · EPSS 0.00265
Exploits 0 · References 32 · Affected Software 4

RustSec
added 2020/11/16 12:0 p.m. · 18 views

Singleton lacks bounds on Send and Sync.

Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...

CVSS 8.1 · AI score 1.4 · EPSS 0.00766
Exploits 0 · Affected Software 1

OSV
added 2020/11/16 12:0 p.m. · 20 views

RUSTSEC-2020-0115 Singleton lacks bounds on Send and Sync.

Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...

CVSS 8.1 · AI score 7.8 · EPSS 0.00766
Exploits 0 · References 3

RustSec
added 2020/11/14 12:0 p.m. · 14 views

Send/Sync bound needed on T for Send/Sync impl of RcuCell<T>

Affected versions of this crate unconditionally implement Send/Sync for RcuCell. This allows users to send T: !Send to other threads while T enclosed within RcuCell, and allows users to concurrently access T: !Sync by using the APIs of RcuCell that provide access to &T. This can result in memory...

CVSS 8.1 · AI score 3.6 · EPSS 0.01249
Exploits 1

OSV
added 2020/11/10 12:0 p.m. · 18 views

RUSTSEC-2020-0107 hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

Affected versions of hashconsing implements Send/Sync for its HConsed type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...

CVSS 7.5 · AI score 7.7 · EPSS 0.0136
Exploits 1 · References 3