USN-5635-1 linux-gkeop vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

CVE-2021-36305

Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB...

CVE-2021-36305

Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB...

Dell Technologies Dell PowerScale OneFS 安全漏洞

Dell PowerScale OneFS is the PowerScale OneFS operating system that provides horizontal scaling NAS. A security vulnerability exists in Dell PowerScale OneFS that stems from Dell PowerScale OneFS containing asynchronous access to shared data in the context of multi-threaded SMB CA processing. An...

GHSA-8Q64-WRFR-Q48C Data races in model

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

Data races in model

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

CVE-2020-36460

An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type...

CVE-2020-36460

An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type...

CVE-2020-36460

CVE-2020-36460 affects the Rust model crate: the Shared data structure implements Send and Sync regardless of the inner type, potentially enabling data races in safe Rust. Covered in multiple sources (NVD/RUSTSEC/RH Red Hat) with references to a contention issue; no explicit patch/version remedia...

CVE-2020-36460

An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type...

Google Chrome post-release reuse vulnerability (CNVD-2021-45148)

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A post-release reuse vulnerability exists in Sharing in versions prior to Google Chrome 91.0.4472.114. No detailed vulnerability details are provided at this time...

GHSA-9699-GM7F-CMJV Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected...

RUSTSEC-2020-0140 `Shared` can cause a data race

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

Information disclosure

NVIDIA Windows GPU Display driver software for Windows all versions contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior a...

CVE-2019-5675

NVIDIA Windows GPU Display driver software for Windows all versions contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior a...

Five Weakest Links in Cybersecurity That Target the Supply Chain

Matan Or-El, co-founder and CEO at Panorays Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through third-party vendors. The...

CVE-2017-17450

net/netfilter/xtosf.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for addcallback and removecallback operations, which allows local users to bypass intended access restrictions because the xtosffingers data structure is shared across all net namespaces...

DEBIAN-CVE-2017-17448

net/netfilter/nfnetlinkcthelper.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnlcthelperlist data structure is shared across all net namespaces...

EMC ScaleIO Local Denial of Service Vulnerability

EMC ScaleIO is a software-defined solution that converts existing DAS storage to shared data block storage using the user's existing hardware or EMC servers. A local denial of service vulnerability exists in EMC ScaleIO. An attacker could exploit this vulnerability to cause a denial of service...