81 matches found

OSV
added 2026/06/24 5:38 p.m. | 3 views

GHSA-7FQ5-7WR8-RJWJ OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination

Summary: OliveTin's template engine uses a single shared text/template.Template instance (the tpl package-level variable in service/internal/tpl/templates.go) across all goroutines. Every action execution calls tpl.Parse(source) followed by t.Execute on this shared instance with no synchronization. When t...

CVSS 7.5 | AI score 6.1 | EPSS 0.00401
Exploits 0 | References 5
AstraLinux
added 2026/06/24 3:11 p.m. | 5 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. The ainput_send_input_event function caches the channel_callback in a local variable and then uses it without synchronization. A concurrent closure of a channel can free or reinitialize the callback, resulting in a use after free error...

CVSS 8.7 | AI score 5.8 | EPSS 0.00467
Exploits 0 | References 2
Tenable Nessus
added 2026/06/24 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-52918

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: serialize accept_q access. bt_sock_poll walks the accept queue without synchronization, while child teardown can unlink the same socket and drop its last...

CVSS 8.8 | AI score 5.8 | EPSS 0.00266
Exploits 0 | References 4
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A flaw in the Linux kernel is found in the nfcmrvl_nci_unregister_dev function in the drivers/nfc/nfcmrvl/main.c file. This flaw can cause both read and write operations to be performed after the device has been freed, without synchronization between the cleanup routine and the firmware download...

CVSS 7 | AI score 6.5 | EPSS 0.0052
Exploits 1 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 8 views

Astra Linux – Vulnerability in Linux

A flaw was discovered in the Linux kernel, as access to the global variable fg_console is not properly synchronized, resulting in a use after free in con_font_op...

CVSS 7 | AI score 6.6 | EPSS 0.01026
Exploits 1 | References 2
RedhatCVE
added 2026/05/27 7:40 p.m. | 13 views

CVE-2026-46045

A flaw was found in the Linux kernel, specifically within the multiple device MD driver's bitmap handling. This vulnerability allows the system to read outdated or incomplete data from storage devices that are not fully synchronized. This can lead to errors in tracking changes to data, which may...

CVSS 7.8 | AI score 5.8 | EPSS 0.00127
Exploits 0 | References 4
Snyk
added 2026/05/22 1:11 p.m. | 11 views

Unsynchronized Access to Shared Data in a Multithreaded Context

Overview: Magick.NET-Q16-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 5.6 | AI score 5.8 | EPSS 0.00077
Exploits 0 | References 3
Snyk
added 2026/05/22 1:11 p.m. | 13 views

Unsynchronized Access to Shared Data in a Multithreaded Context

Overview: Magick.NET-Q8-OpenMP-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

CVSS 5.6 | AI score 5.8 | EPSS 0.00077
Exploits 0 | References 3
Cvelist
added 2026/05/15 2:59 a.m. | 37 views

CVE-2025-52532

A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgvcmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the...

CVSS 2 | EPSS 0.00072
Exploits 0 | References 1
ATTACKERKB
added 2026/05/15 2:59 a.m. | 6 views

CVE-2025-52532

A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgvcmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the...

CVSS 2 | AI score 5.9 | EPSS 0.00072
Exploits 0 | References 2
Github Security Blog
added 2026/05/08 10:41 p.m. | 11 views

free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions

Summary: free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscription(subId), but if the subscription does not exist, ReplaceIndividualSubcription writes back ...

CVSS 6.5 | AI score 5.9 | EPSS 0.00268
Exploits 1 | References 6 | Affected Software 1
RedhatCVE
added 2026/04/24 6:39 p.m. | 10 views

CVE-2026-31583

A flaw was found in the Linux kernel's em28xx media driver. This vulnerability, a type of memory corruption, arises from a race condition where the driver attempts to use memory that has already been freed or access a null pointer. This can be triggered when the em28xx_v4l2_open function is called...

CVSS 7.8 | AI score 5.3 | EPSS 0.00128
Exploits 0 | References 4
Vulnrichment
added 2026/04/10 12:10 p.m. | 3 views

CVE-2026-5774 Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map

Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token...

CVSS 6 | AI score 5.8 | EPSS 0.00243
Exploits 1 | References 3
RedHat Linux
added 2026/04/08 5:18 a.m. | 6 views

freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event

A heap buffer use after free has been discovered in FreeRDP. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...

CVSS 8.7 | AI score 6 | EPSS 0.00467
Exploits 0 | References 6
RedHat Linux
added 2026/04/07 11:16 p.m. | 0 views

freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event

A heap buffer use after free has been discovered in FreeRDP. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...

CVSS 8.7 | AI score 6 | EPSS 0.00467
Exploits 0 | References 6
EUVD
added 2026/03/21 12:31 a.m. | 7 views

EUVD-2026-13836

Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...

AI score 6 | EPSS 0.00078
Exploits 0 | References 2
ATTACKERKB
added 2026/03/20 10:52 p.m. | 4 views

CVE-2026-22163

Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...

AI score 6 | EPSS 0.00078
Exploits 0 | References 2
CVE
added 2026/03/20 10:52 p.m. | 13 views

CVE-2026-22163

The CVE-2026-22163 entry describes a local, high-severity GPU driver vulnerability in Imagination Graphics DDK where malware can misuse the DDK kernel module IOCTL interface to subvert the GPU and perform writes to arbitrary physical memory pages. The root cause is unsynchronized access to a shar...

CVSS 7.8 | AI score 6 | EPSS 0.00078
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2026/03/20 12:0 a.m. | 6 views

Imagination Graphics DDK Security Vulnerability

Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK, which stems from unsynchronized access to shared resources, potentially allowing the GPU to write to arbitrary physical memory pages...

CVSS 7.8 | AI score 5.9 | EPSS 0.00078
Exploits 0 | References 1
Redos
added 2026/03/04 12:0 a.m. | 3 views

ROS-20260304-73-0001

A vulnerability in the vmci_host_setup_notify function of the mm/gup.c file of the Linux operating system kernel is related to simultaneous execution using a shared resource with incorrect synchronization. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 7 | AI score 7.3 | EPSS 0.00129
Exploits 0