81 matches found
GHSA-7FQ5-7WR8-RJWJ OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination
Summary OliveTin's template engine uses a single shared text/template.Template instance tpl package-level variable in service/internal/tpl/templates.go across all goroutines. Every action execution calls tpl.Parsesource followed by t.Execute on this shared instance with no synchronization. When t...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. The ainputsendinputevent function caches the channelcallback in a local variable and then uses it without synchronization. A concurrent closure of a channel can free or reinitialize the callback, resulting in a use after free error...
Linux Distros Unpatched Vulnerability : CVE-2026-52918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: serialize acceptq access btsockpoll walks the accept queue without synchronization, while child teardown can unlink the same socket and drop its last...
Astra Linux – Vulnerability in Linux, Linux 5.10
A flaw in the Linux kernel is found in the nfcmrvlnciunregisterdev function in the drivers/nfc/nfcmrvl/main.c file. This flaw can cause both read and write operations to be performed after the device has been freed, without synchronization between the cleanup routine and the firmware download...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the Linux kernel, as access to the global variable fgconsole is not properly synchronized, resulting in a use after free in confontop...
CVE-2026-46045
A flaw was found in the Linux kernel, specifically within the multiple device MD driver's bitmap handling. This vulnerability allows the system to read outdated or incomplete data from storage devices that are not fully synchronized. This can lead to errors in tracking changes to data, which may...
Unsynchronized Access to Shared Data in a Multithreaded Context
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Unsynchronized Access to Shared Data in a Multithreaded Context
Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
CVE-2025-52532
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgvcmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the...
CVE-2025-52532
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgvcmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the...
free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions
Summary free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if the subscription does not exist, ReplaceIndividualSubcription writes back ...
CVE-2026-31583
A flaw was found in the Linux kernel's em28xx media driver. This vulnerability, a type of memory corruption, arises from a race condition where the driver attempts to use memory that has already been freed or access a null pointer. This can be triggered when the em28xxv4l2open function is called...
CVE-2026-5774 Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map
Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token...
freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event
A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...
freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event
A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...
EUVD-2026-13836
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...
CVE-2026-22163
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...
CVE-2026-22163
The CVE-2026-22163 entry describes a local, high-severity GPU driver vulnerability in Imagination Graphics DDK where malware can misuse the DDK kernel module IOCTL interface to subvert the GPU and perform writes to arbitrary physical memory pages. The root cause is unsynchronized access to a shar...
Imagination Graphics DDK 安全漏洞
Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK, which stems from unsynchronized access to shared resources, potentially allowing the GPU to write to arbitrary physical memory pages...
ROS-20260304-73-0001
A vulnerability in the vmcihostsetupnotify function of the mm/gup.c file of the Linux operating system kernel is related to simultaneous execution using a shared resource with incorrect synchronization. Exploitation of the vulnerability allows an attacker to cause a denial of service...