Total: 48 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12769 | 5 Canonical, Debian, Linux and 2 more | 36 Ubuntu Linux, Debian Linux, Linux Kernel and 33 more | 2022-05-03 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. | |||||
CVE-2019-17185 | 2 Freeradius, Opensuse | 2 Freeradius, Leap | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. | |||||
CVE-2019-17344 | 2 Debian, Xen | 2 Debian Linux, Xen | 2022-03-31 | 4.9 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. | |||||
CVE-2022-25210 | 1 Jenkins | 1 Convertigo Mobile Platform | 2022-02-23 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured. | |||||
CVE-2021-0147 | 1 Intel | 1 Power Management Controller | 2022-02-15 | 2.1 LOW | 4.4 MEDIUM |
Improper locking in the Power Management Controller (PMC) for some Intel Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2020-7457 | 1 Freebsd | 1 Freebsd | 2022-01-04 | 6.8 MEDIUM | 8.1 HIGH |
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution. | |||||
CVE-2021-30904 | 1 Apple | 1 Macos | 2021-12-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage. | |||||
CVE-2016-8368 | 1 Mitsubishielectric | 6 Qj71e71-100, Qj71e71-100 Firmware, Qj71e71-b2 and 3 more | 2021-09-13 | 5.0 MEDIUM | 8.6 HIGH |
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. | |||||
CVE-2021-20592 | 1 Mitsubishielectric | 7 Got2000 Gt23, Got2000 Gt23 Firmware, Got2000 Gt25 and 4 more | 2021-08-27 | 7.8 HIGH | 7.5 HIGH |
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause a DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover. | |||||
CVE-2020-3471 | 1 Cisco | 1 Webex Meetings Server | 2021-08-06 | 5.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled. | |||||
CVE-2020-36211 | 1 Devolutions | 1 Gfwx | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | |||||
CVE-2020-36220 | 1 Va-ts Project | 1 Va-ts | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur. | |||||
CVE-2020-36217 | 1 May Queue Project | 1 May Queue | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur. | |||||
CVE-2020-36216 | 1 Petabi | 1 Eventio | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur. | |||||
CVE-2020-36215 | 1 Hashconsing Project | 1 Hashconsing | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur. | |||||
CVE-2020-36208 | 1 Conquer-once Project | 1 Conquer-once | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption. | |||||
CVE-2020-36207 | 1 Aovec Project | 1 Aovec | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | |||||
CVE-2020-36206 | 1 Rusb Project | 1 Rusb | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur. | |||||
CVE-2020-13759 | 1 Vm-memory Project | 1 Vm-memory | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl). | |||||
CVE-2019-5675 | 1 Nvidia | 1 Gpu Driver | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure. |