37 matches found
GHSA-7FQ5-7WR8-RJWJ OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination
Summary OliveTin's template engine uses a single shared text/template.Template instance tpl package-level variable in service/internal/tpl/templates.go across all goroutines. Every action execution calls tpl.Parsesource followed by t.Execute on this shared instance with no synchronization. When t...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the Linux kernel, as access to the global variable fgconsole is not properly synchronized, resulting in a use after free in confontop...
Unsynchronized Access to Shared Data in a Multithreaded Context
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Unsynchronized Access to Shared Data in a Multithreaded Context
Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. The ainputsendinputevent function caches the channelcallback in a local variable and then uses it without synchronization. A concurrent closure of a channel can free or reinitialize the callback, resulting in a use after free error...
CVE-2025-52532
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgvcmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the...
CVE-2025-52532
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgvcmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the...
free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions
Summary free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if the subscription does not exist, ReplaceIndividualSubcription writes back ...
freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event
A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...
freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event
A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...
EUVD-2026-13836
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...
CVE-2026-22163
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...
CVE-2026-22163
The CVE-2026-22163 entry describes a local, high-severity GPU driver vulnerability in Imagination Graphics DDK where malware can misuse the DDK kernel module IOCTL interface to subvert the GPU and perform writes to arbitrary physical memory pages. The root cause is unsynchronized access to a shar...
Imagination Graphics DDK 安全漏洞
Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK, which stems from unsynchronized access to shared resources, potentially allowing the GPU to write to arbitrary physical memory pages...
ROS-20260304-73-0001
A vulnerability in the vmcihostsetupnotify function of the mm/gup.c file of the Linux operating system kernel is related to simultaneous execution using a shared resource with incorrect synchronization. Exploitation of the vulnerability allows an attacker to cause a denial of service...
EUVD-2026-8736
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfcliprdrprovidedata passes freed pDstData to XChangeProperty because the cliprdr channel thread calls xfcliprdrserverformatdataresponse which converts and uses the clipboard data without holding any lock,...
ROS-20260114-7321
A vulnerability in the net/ethtool/netlink.c component of the Linux operating system kernel is related to simultaneous execution using a shared resource with incorrect synchronization. Exploitation of the vulnerability allows an attacker to cause a denial of service...
The vulnerability of the rcu_preempt_deferred_qs_handler() function in the kernel/rcu/tree_plugin.h file of the Linux operating system allows a attacker to trigger a service failure.
The vulnerability of the rcupreemptdeferredqshandler function in the kernel/rcu/treeplugin.h header file of the Linux operating system is related to the simultaneous execution using shared resources with incorrect synchronization. Exploiting this vulnerability allows an attacker to trigger a...
EUVD-2021-22925
Malware in sbrugna...
The vulnerability of the T.38 discanner, a traffic analysis tool for computer networks used by Wireshark, allows a hacker to cause a service failure.
The vulnerability of the T.38 discapper, a traffic analysis tool for computer networks developed by Wireshark, is related to unsynchronized memory management. Exploiting this vulnerability can allow an attacker to cause a service failure by sending a specially crafted file or packet...