CVE-2021-0565

In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

Design/Logic Flaw

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior ...

Arbitrary Code Execution

libwebp is vulnerable to arbitrary code execution. A use-after-free when a thread is killed earlier than expected allows an attacker to execute arbitrary code on the host OS...

libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Guest triggered use-after-free in Linux xen-netback

ISSUE DESCRIPTION A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux...

Researchers Discover First Known Malware Targeting Windows Containers

Security researchers have discovered the first known malware, dubbed "Siloscope," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher...

libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

PT-2024-11163

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the xen-netback component in the Linux kernel, where a reference to the RX task thread needs to be taken to prevent the task from being freed if the thread return...

Security Advisory - Race Condition Vulnerability in Some Huawei Products

There is a race condition vulnerability in some Huawei products. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal. Vulnerability ID: HWPSIRT-2020-05257 This vulnerabili...

OPENSUSE-SU-2021:0822-1 Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly

This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues: gstreamer was updated to version 1.16.3 bsc1181255: - delay creation of threadpools - bin: Fix deep-element-removed log message - buffer: fix meta...

CVE-2021-33574

The mqnotify function in the GNU C Library aka glibc has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly unspecified other impact...

CVE-2021-33574

The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly...

Design/Logic Flaw

The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly...

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

DEBIAN-CVE-2020-36329

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Design/Logic Flaw

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

PT-2021-3379 · Linux +3 · Xen-Netback +3

Name of the Vulnerable Software and Affected Versions: Linux xen-netback affected versions not specified Description: A use-after-free issue exists in Linux xen-netback due to insufficient input validation. This can be triggered by a malicious or buggy network PV frontend sending a malformed...