
4527 matches found

CVE
added 2024/11/29 12:0 a.m. | 66 views

CVE-2024-36615

The CVE-2024-36615 entry concerns FFmpeg n7.0: a race condition in the VP9 decoder that can cause a data race if video encoding parameters are exported, with side data attached in the decoder thread while read in the output thread. Connected sources (Debian DLA-4440 and OpenSUSE/SUSE advisories) ...

CVSS 5.9 | AI score 6.7 | EPSS 0.00436
Exploits: 0 | References: 3 | Affected Software: 1

AlpineLinux
added 2024/11/26 2:15 p.m. | 10 views

CVE-2024-11708

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox 133 and Thunderbird 133...

CVSS 6.5 | AI score 6.5 | EPSS 0.00337
Exploits: 0 | References: 3

NVD
added 2024/11/26 2:15 p.m. | 18 views

CVE-2024-11708

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox 133 and Thunderbird 133...

CVSS 6.5 | EPSS 0.00337
Exploits: 0 | References: 3

OSV
added 2024/11/26 2:15 p.m. | 0 views

UBUNTU-CVE-2024-11708

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox 133 and Thunderbird 133...

CVSS 6.5 | AI score 5.8 | EPSS 0.00337
Exploits: 0 | References: 7

Cvelist
added 2024/11/26 1:34 p.m. | 15 views

CVE-2024-11708

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox 133 and Thunderbird 133...

EPSS 0.00337
Exploits: 0 | References: 3

Vulnrichment
added 2024/11/26 1:34 p.m. | 10 views

CVE-2024-11708

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox 133 and Thunderbird 133...

AI score 6 | EPSS 0.00337
Exploits: 0 | References: 3

Debian CVE
added 2024/11/26 1:34 p.m. | 18 views

CVE-2024-11708

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox 133 and Thunderbird 133...

CVSS 6.5 | AI score 5.5 | EPSS 0.00337
Exploits: 0

Mozilla
added 2024/11/26 12:0 a.m. | 20 views

Security Vulnerabilities fixed in Firefox 133 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Malicious websites may have been able...

CVSS 9.8 | AI score 8.7 | EPSS 0.00833
Exploits: 0 | References: 18 | Affected Software: 1

CNNVD
added 2024/11/26 12:0 a.m. | 3 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. Mozilla Firefox and Thunderbird have an unauthorized access vulnerability that is caused by a missing thread synchronization primitive. An attacker cou...

CVSS 6.5 | AI score 6.3 | EPSS 0.00337
Exploits: 0 | References: 5

OSV
added 2024/11/25 3:37 p.m. | 12 views

SUSE-SU-2024:4050-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 128.4.3 fixed: Folder corruption could cause Thunderbird to freeze and become unusable fixed: Message corruption could be propagated when reading mbox fixed: Folder compaction was not abandoned on shutdown fixed:...

CVSS 9.8 | AI score 8.6 | EPSS 0.00815
Exploits: 0 | References: 14

Github Security Blog
added 2024/11/22 8:26 p.m. | 72 views

Tornado has an HTTP cookie parsing DoS vulnerability

The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. See...

CVSS 7.5 | AI score 6.7 | EPSS 0.01051
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2024/11/22 3:43 p.m. | 36 views

CVE-2024-52804 Tornado has HTTP cookie parsing DoS vulnerability

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...

CVSS 7.5 | EPSS 0.01051
Exploits: 0 | References: 3

RedhatCVE
added 2024/11/21 7:27 p.m. | 9 views

CVE-2024-50294

In the Linux kernel, the following vulnerability has been resolved: "rxrpc: Fix missing locking causing hanging calls". If a call gets aborted e.g. because kafs saw a signal between it being queued for connection and the I/O thread picking up the call, the abort will be prioritised over the connecti...

CVSS 5.5 | AI score 6.7 | EPSS 0.00161
Exploits: 0 | References: 4

RedHat Linux
added 2024/11/20 4:28 a.m. | 5 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recv_bytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default), Waitress won't read any more requests, and when th...

CVSS 9.1 | AI score 5.8 | EPSS 0.00492
Exploits: 0 | References: 6

RedHat Linux
added 2024/11/20 12:57 a.m. | 4 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recv_bytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default), Waitress won't read any more requests, and when th...

CVSS 9.1 | AI score 5.8 | EPSS 0.00492
Exploits: 0 | References: 6

CVE
added 2024/11/19 5:45 p.m. | 254 views

CVE-2024-53088

CVE-2024-53088 in the Linux kernel i40e driver describes a race condition where MAC/VLAN filters could be corrupted under heavy concurrent filter/memory operations. The root cause is a use-after-free like scenario where a filter freed by one thread is accessed by another during i40e_sync_vsi_filt...

CVSS 4.7 | AI score 4.6 | EPSS 0.00175
Exploits: 0 | References: 6 | Affected Software: 1

RedHat Linux
added 2024/11/19 8:51 a.m. | 5 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recv_bytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default), Waitress won't read any more requests, and when th...

CVSS 9.1 | AI score 5.8 | EPSS 0.00492
Exploits: 0 | References: 6

SUSE Linux
added 2024/11/18 1:28 p.m. | 1 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing "-quoted cookie values with backslashes (bsc#1229873, bsc#1230059). CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

CVSS 7.5 | AI score 7.8 | EPSS 0.02303
Exploits: 3 | References: 62

RedHat Linux
added 2024/11/12 9:11 a.m. | 4 views

kernel: rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle()

A hung task warning issue was found in the RCU scaling test module. When the holdoff parameter exceeds hung_task_timeout_secs, the kernel logs a hung task warning for the rcu_scale_writer kthread...

AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 5

RedHat Linux
added 2024/11/12 9:11 a.m. | 1 views

kernel: thermal/debugfs: Fix two locking issues with thermal zone debug

In the Linux kernel, the following vulnerability has been resolved: "thermal/debugfs: Fix two locking issues with thermal zone debug". With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointe...

CVSS 5.5 | AI score 6.7 | EPSS 0.00143
Exploits: 0 | References: 5