CLSA-2023-1696537325 Fix of 10 CVEs
SECURITY UPDATE: a heap-based buffer overflow - debian/patches/CVE-2018-25009.patch: add additional check to avoid read over the header - CVE-2018-25009 SECURITY UPDATE: a heap-based buffer overflow - debian/patches/CVE-2018-25010.patch: limit the filter size to not exceed the image dimensions -...
Important: Red Hat Security Advisory: glibc security update
An update for glibc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
PT-2023-8800
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc4+ Description: The issue is related to a use-after-free (UAF) vulnerability in the cifs demultiplex thread function. This vulnerability can be exploited by an attacker to potentially execute arbitrary code...
ROS-20230918-04
A vulnerability in the Poppler PDF rendering library is related to the lack of thread checking before saving the embedded main function file in pdfunite.cc. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the Poppler PDF...
RUSTSEC-2023-0057 Fails to prohibit standard library access prior to initialization of Rust standard library runtime
Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...
RUSTSEC-2023-0058 Exposes reference to non-Sync data to an arbitrary thread
Affected versions do not enforce a Sync bound on the type of caller-provided value held in the plugin registry. References to these values are made accessible to arbitrary threads other than the one that constructed them. A caller could use this flaw to submit thread-unsafe data into inventory,...
PT-2023-35991 · Git +1 · Cras
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a use-of-uninitialized-value. The crash occurs in the following functions: dev io capture, dev io run, and audi...
ICYMI: Emotet Reappeared Early This Year, Unfortunately
By Adithya Chandra and Joao Marques · September 1, 2023. This blog was also written by Raghav Kapoor. Executive Summary: Emotet first appeared in 2014 and continues to be a dangerous and resilient malware, despite attempts by law enforcement...
[SECURITY] Fedora 37 Update: rust-1.71.1-1.fc37
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
Fedora: Security Advisory for rust (FEDORA-2023-4824704a61)
The remote host is missing an update for the...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that arises from the deletion of a message in a thread without the attachment being deleted, allowing normal users to still access and download the...
[SECURITY] Fedora 38 Update: rust-1.71.1-1.fc38
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
Answer has Race Condition within a Thread
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...
GHSA-52H8-C876-989C Answer has Race Condition within a Thread
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...
CVE-2023-4127
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...
Race condition
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...
CVE-2023-4127 Race Condition within a Thread in answerdev/answer
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...
CVE-2023-4127
The CVE-2023-4127 entry concerns a race condition in a thread within the GitHub project answerdev/answer, affecting versions prior to 1.1.1. Affected component is the threaded execution in the Answer repository; root cause is not explicitly detailed beyond the race condition. Practical impact is ...
answer Security breach
answer is an open source knowledge-based community software. A security vulnerability exists in answerdev/answer versions prior to 1.1.1, which stems from a race condition within a thread...
PT-2023-27880 · Answer · Answer
Name of the Vulnerable Software and Affected Versions: answer versions prior to 1.1.1 Description: The issue is related to a race condition within a thread. This condition can occur in the GitHub repository answerdev/answer. Recommendations: For versions prior to 1.1.1, update to version 1.1.1 or...