69 matches found
CVE-2026-54778
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to...
CVE-2026-54778
CVE-2026-54778 : CoreWCF UnixDomainSocket suffers a race in POSIX peer identity resolution due to non-reentrant getpwuid/getgrgid calls, allowing identity misattribution or host process crash under contention. Affected versions are prior to 1.8.1 and 1.9.1; fixed in 1.8.1 and 1.9.1. Impact is lim...
CVE-2026-54778 CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to...
Exploit for Use After Free in Google Chrome
CVE-2026-13036 — Use-After-Free in Blink WidgetBase::UpdateS...
CVE-2026-53106
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not allow deleting local storage in NMI Currently, local storage may deadlock when deferring freeing selem or local storage through kfreercu, callrcu or callrcutaskstrace in NMI or reentrant. Since deleting selem in NMI i...
CVE-2026-53106 bpf: Do not allow deleting local storage in NMI
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not allow deleting local storage in NMI Currently, local storage may deadlock when deferring freeing selem or local storage through kfreercu, callrcu or callrcutaskstrace in NMI or reentrant. Since deleting selem in NMI i...
CVE-2026-54905 concurrent-ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used...
GHSA-WV3X-4VXV-WHPP Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
Summary Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITELOCKHELD...
Wrap-around Error
Overview Affected versions of this package are vulnerable to Wrap-around Error in ReentrantReadWriteLock that causes incorrect write locks. An attacker can cause a thread to incorrectly obtain a write lock without exclusivity by repeatedly acquiring the read lock 32,768 times, which overflows the...
Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
Summary Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITELOCKHELD...
GHSA-Q6V9-43V5-JV9Q CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution
Impact Race condition in POSIX peer identity resolution may attribute one connection’s identity to another getpwuid/getgrgid non-reentrant and may crash the host process under contention. Patches Fixed in CoreWCF v1.8.1 and v1.9.1 Workarounds Restrict UDS filesystem permissions so that only trust...
GHSA-9PPP-W3G4-FH4Q Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close
Summary Oj::Doc iterators eachvalue, eachchild, eachleaf are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed while the C iterator is still running. When control returns from the block, the iterator rea...
PT-2026-51091
Name of the Vulnerable Software and Affected Versions concurrent-ruby versions prior to 1.3.7 Description Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after a single thread acquires the read lock 32,768 times. The lock manages a thread's local read and write hold counts...
CVE-2026-47270
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb is a PAM module loaded into the host process sudo, login, GDM, GNOME Shell. Display managers such as GDM run multiple concurrent authentication threads. Three functions used by the denyremote...
EUVD-2026-32655
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb is a PAM module loaded into the host process sudo, login, GDM, GNOME Shell. Display managers such as GDM run multiple concurrent authentication threads. Three functions used by the denyremote...
CVE-2026-47270
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb is a PAM module loaded into the host process sudo, login, GDM, GNOME Shell. Display managers such as GDM run multiple concurrent authentication threads. Three functions used by the denyremote...
pam_usb 竞争条件问题漏洞
pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.0 contained a race condition vulnerability. This vulnerability stemmed from the use of non-reentrant functions like strtok, which led to race conditions...
PT-2026-44115
Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.0 Description This issue occurs in the deny remote feature of the PAM module, which is loaded into host processes such as sudo, login, GDM, and GNOME Shell. In multi-threaded environments like GDM, three functions...
CVE-2026-44059
A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...
EUVD-2026-31233
A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...