EUVD-2022-1149

Malicious code in bioql PyPI...

FreeBSD-SA-24:14.umtx

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:14.umtx Security Advisory The FreeBSD Project Topic: umtx Kernel panic or Use-After-Free Category: core Module: kern Announced: 2024-09-04 Credits: Synacktiv...

CVE-2024-2193

A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution related to Spectre V1 has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the...

CVE-2024-2193

A new cache speculation vulnerability, known as Spectre-SRC Speculative Race Conditions, was found in hw. Spectre-SRC is similar to the Spectre v1 and allows speculative use-after-free. The difference between this issue and Spectre V1 is that this issue is based on synchronization primitives with...

GhostRace: Speculative Race Conditions

ISSUE DESCRIPTION Researchers at VU Amsterdam and IBM Research have discovered GhostRace; an analysis of the behaviour of synchronisation primitives under speculative execution. Synchronisation primitives are typically formed as an unbounded loop which waits until a resource is available to be...

Race condition

In the Linux kernel, the following vulnerability has been resolved: hamradio: defer ax25 kfree after unregisternetdev There is a possible race condition use-after-free like below USE | FREE ax25sendmsg | ax25queuexmit | devqueuexmit | devqueuexmit | devxmitskb | schdirectxmit | ... xmitone |...

CVE-2022-23639 Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a...

Clario: Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com

Summary Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com. Steps To Reproduce Go to: https://api-ne.mackeeper.com/debug/pprof/ You will see these links: - allocs: A sampling of all past memory allocations - block: Stack traces that led to blocking on synchronization primitives...

Apache Camel: source code security analysis report

Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Camel' software: Using Synchronization Primitives in EJB components Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources Violating the Java Object Model Using...