OESA-2026-2390 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen...,...

OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure

Summary The Zipkin exporter remote endpoint cache accepted unbounded key growth derived from span attributes. In high-cardinality scenarios, this could increase process memory usage over time and degrade availability. Details - Introduce a bounded, thread-safe LRU cache for remote endpoints. -...

Bluetooth RFCOMM 1.1 Signal-Triggered Air-Gap Interaction

This project demonstrates how Flipper Zero can be used to interact with devices in an Air-Gap context using Bluetooth RFCOMM signals. The system monitors RSSI signal strength and uses statistical peak detection Z-Score analysis to identify significant signal spikes from target devices. When a pea...

[SECURITY] Fedora 42 Update: dtklog-0.0.2-8.fc42

Simple, convenient and thread safe logger for Qt-based C++ apps...

[SECURITY] Fedora 42 Update: dtk6log-0.0.2-13.fc42

Simple, convenient and thread safe logger for Qt-based C++ apps...

riscv: VMAP_STACK overflow detection thread-safe

...

Linux Distros Unpatched Vulnerability : CVE-2023-51847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via thecoapcontextt function in the src/coapthreadsafe.c:297:3...

[SECURITY] Fedora 42 Update: dtk6log-0.0.2-7.fc42

Simple, convenient and thread safe logger for Qt-based C++ apps...

Allocation of Resources Without Limits or Throttling

Overview xgrammar is an Efficient, Flexible and Portable Structured Generation Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in threadsafecache.h, which can be populated by an indefinitely large number of entries corresponding to each new...

CVE-2024-39508

In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: Use setbit and testbit at worker-flags Utilize setbit and testbit on worker-flags within iouring/io-wq to address potential data races. The structure ioworker-flags may be accessed through various data paths, leadi...

CVE-2023-52761 riscv: VMAP_STACK overflow detection thread-safe

In the Linux kernel, the following vulnerability has been resolved: riscv: VMAPSTACK overflow detection thread-safe commit 31da94c25aea "riscv: add VMAPSTACK overflow detection" added support for CONFIGVMAPSTACK. If overflow is detected, CPU switches to shadowstack temporarily before switching...

CVE-2023-52761 riscv: VMAP_STACK overflow detection thread-safe

In the Linux kernel, the following vulnerability has been resolved: riscv: VMAPSTACK overflow detection thread-safe commit 31da94c25aea "riscv: add VMAPSTACK overflow detection" added support for CONFIGVMAPSTACK. If overflow is detected, CPU switches to shadowstack temporarily before switching...

CVE-2023-52761 riscv: VMAP_STACK overflow detection thread-safe

In the Linux kernel, the following vulnerability has been resolved: riscv: VMAPSTACK overflow detection thread-safe commit 31da94c25aea "riscv: add VMAPSTACK overflow detection" added support for CONFIGVMAPSTACK. If overflow is detected, CPU switches to shadowstack temporarily before switching...

[SECURITY] Fedora 38 Update: cachelib-17^20231016-1.fc38

CacheLib is a C++ library providing in-process high performance caching mechanism. CacheLib provides a thread safe API to build high throughput, low overhead caching services, with built-in ability to leverage DRAM and SSD caching transparently...

[SECURITY] Fedora 37 Update: cachelib-17^20231016-1.fc37

CacheLib is a C++ library providing in-process high performance caching mechanism. CacheLib provides a thread safe API to build high throughput, low overhead caching services, with built-in ability to leverage DRAM and SSD caching transparently...

GHSA-3GXF-9R58-2GHG `openssl` `X509NameBuilder::build` returned object is not thread safe

OpenSSL has a modified bit that it can set on on X509NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin Google for reporting this issue...

RUSTSEC-2023-0022 `openssl` `X509NameBuilder::build` returned object is not thread safe

OpenSSL has a modified bit that it can set on on X509NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin Google for reporting this issue...

`openssl` `X509NameBuilder::build` returned object is not thread safe

OpenSSL has a modified bit that it can set on on X509NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin Google for reporting this issue...

CVE-2022-40960

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

CVE-2022-40960

CVE-2022-40960: Concurrent use of the URL parser with non-UTF-8 data is not thread-safe, causing a use-after-free and potentially exploitable crash. Affected products include Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox