
1070 matches found

Positive Technologies
added 2025/01/01 12:0 a.m. | 2 views

PT-2026-2880

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to kexec functionality on PowerPC architectures. Specifically, if Simultaneous Multi-Threading (SMT) is disabled or partially enabled, attempting ...

CVSS 5.5 | AI score 5.4 | EPSS 0.00033
Exploits: 0
RedhatCVE
added 2024/12/28 1:58 a.m. | 10 views

CVE-2024-56670

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer. Considering that in some extreme cases, when u_serial driver is accessed by multiple threads, Thread A is executing the open operation and...

CVSS 5.5 | AI score 6.8 | EPSS 0.00014
Exploits: 0 | References: 4
NVD
added 2024/12/27 3:15 p.m. | 9 views

CVE-2024-56613

In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma->numab_state. Problem Description: When running the hackbench program of LTP, the following memory leak is reported by kmemleak. /opt/ltp/testcases/bin/hackbench 20 thread 1000...

CVSS 5.5 | EPSS 0.00017
Exploits: 0 | References: 3
NVD
added 2024/12/16 5:15 a.m. | 22 views

CVE-2024-8650

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

CVSS 5.3 | EPSS 0.00167
Exploits: 1 | References: 2
Cvelist
added 2024/12/16 4:30 a.m. | 15 views

CVE-2024-8650 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...

CVSS 5.3 | EPSS 0.00167
Exploits: 1 | References: 2
CNNVD
added 2024/12/16 12:0 a.m. | 2 views

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Security Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition (EE) and GitLab Community...

CVSS 5.3 | AI score 6.3 | EPSS 0.00167
Exploits: 1 | References: 2
RedHat Linux
added 2024/12/04 12:56 a.m. | 5 views

kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

A vulnerability was found in the do_task_stat function in the Linux kernel, where due to excessive lock contention, a potential hard lockup could be created. This can create a performance bottleneck and lead to kernel unresponsiveness...

CVSS 5.5 | AI score 7.1 | EPSS 0.0001
Exploits: 0 | References: 5
NVD
added 2024/12/02 11:15 a.m. | 15 views

CVE-2024-33053

Memory corruption when multiple threads try to unregister the CVP buffer at the same time...

CVSS 6.7 | EPSS 0.00063
Exploits: 0 | References: 1
Positive Technologies
added 2024/12/02 12:0 a.m. | 2 views

PT-2024-25096 · Qualcomm · Snapdragon +56

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue occurs due to memory corruption when multiple threads attempt to unregister the CVP buffer simultaneously. This can lead to unpredictable behavior and potential security risks...

CVSS 6.7 | AI score 6.7 | EPSS 0.00063
Exploits: 0 | References: 6
CNNVD
added 2024/12/02 12:0 a.m. | 2 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which stems from a potential memory corruption when multiple threads attempt to deregister the CVP buffer at the same time, without a proper synchronization mechanism...

CVSS 6.7 | AI score 7.1 | EPSS 0.00063
Exploits: 0 | References: 1
Snyk
added 2024/12/01 6:35 a.m. | 7 views

Race Condition

Overview: minio is a MinIO Python SDK for Amazon S3 Compatible Cloud Storage. Affected versions of this package are vulnerable to Race Condition due to improper handling of shared resources in worker threads via the helpers.py function. An attacker can exploit this by initiating multiple asynchrono...

CVSS 8.3 | AI score 7
Exploits: 0 | References: 3
IBM Security Bulletins
added 2024/11/27 5:0 p.m. | 42 views

Security Bulletin: Financial Transaction Manager v4 is impacted by multiple vulnerabilities in IBM Java SE

Summary: Multiple vulnerabilities were addressed in Financial Transaction Manager v4.0.6.0 iFix4. Vulnerability Details: CVEID: CVE-2024-21147. DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity...

CVSS 7.5 | AI score 6.3 | EPSS 0.00977
Exploits: 0 | Affected Software: 1
Github Security Blog
added 2024/11/25 7:39 p.m. | 27 views

Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

Keycloak versions 26 and earlier are vulnerable to a denial-of-service (DoS) attack through improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This can lead to cost...

CVSS 4.7 | AI score 6.7 | EPSS 0.00014
Exploits: 0 | References: 10 | Affected Software: 1
OSV
added 2024/11/25 9:30 a.m. | 0 views

GHSA-PCX7-8HXG-J823 Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-jgwc-jh89-rpgq. This link is maintained to preserve external references. Original Description: A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack...

CVSS 4.7 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 7
RedhatCVE
added 2024/11/21 7:28 p.m. | 25 views

CVE-2024-53088

In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multip...

CVSS 4.7 | AI score 6.8 | EPSS 0.00015
Exploits: 0 | References: 4
RedhatCVE
added 2024/11/21 4:52 p.m. | 9 views

CVE-2024-9666

A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...

CVSS 4.7 | AI score 6.5 | EPSS 0.00014
Exploits: 0 | References: 3
Cvelist
added 2024/11/19 5:45 p.m. | 13 views

CVE-2024-53088 i40e: fix race condition by adding filter's intermediate sync state

In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multip...

EPSS 0.00015
Exploits: 0 | References: 5
Microsoft CVE
added 2024/11/09 12:0 a.m. | 2 views

CVE-2024-50019

...

CVSS 5.5 | AI score 6.7 | EPSS 0.00009
Exploits: 0
SUSE CVE
added 2024/11/06 3:48 a.m. | 3 views

SUSE CVE-2024-50133

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stack_top() for tasks without vDSO. Not all tasks have a vDSO mapped, for example kthreads never do. If such a task ever ends up calling stack_top(), it will dereference the NULL vdso pointer and crash. This can...

CVSS 5.5 | AI score 7.7 | EPSS 0.00051
Exploits: 0 | References: 5
Spring Engineering
added 2024/11/05 12:0 a.m. | 8 views

This Week in Spring - November 5th, 2024

This Week in Spring - November 5th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 5th of November, 2024, and, um, I - an American - am desperately trying to keep calm and carry on. I did everything I can do VOTE!, and so it's with considerable enthusiasm th...

AI score 7.1
Exploits: 0