Total
1513 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-0565 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174801970 | |||||
CVE-2021-0432 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173552790 | |||||
CVE-2021-34462 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-28 | 4.6 MEDIUM | 7.0 HIGH |
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | |||||
CVE-2020-36445 | 1 Project | 1 Convec | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the convec crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for ConVec<T>. | |||||
CVE-2020-11262 | 1 Qualcomm | 778 Apq8009, Apq8009 Firmware, Apq8009w and 775 more | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2021-0564 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 6.4 MEDIUM |
In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176495665 | |||||
CVE-2021-22340 | 1 Huawei | 2 Manageone, Smc2.0 | 2024-02-28 | 4.7 MEDIUM | 4.1 MEDIUM |
There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931 | |||||
CVE-2020-36444 | 1 Async-coap Project | 1 Async-coap | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Send and Sync are implemented for ArcGuard<RC, T> without trait bounds on RC. | |||||
CVE-2021-29952 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.1 MEDIUM | 7.5 HIGH |
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. | |||||
CVE-2021-31004 | 1 Apple | 1 Macos | 2024-02-28 | 5.1 MEDIUM | 7.0 HIGH |
A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.5. An application may be able to gain elevated privileges. | |||||
CVE-2021-21005 | 1 Phoenixcontact | 30 Fl Nat Smn 8tx, Fl Nat Smn 8tx-m, Fl Nat Smn 8tx-m Firmware and 27 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards. | |||||
CVE-2021-36221 | 5 Debian, Fedoraproject, Golang and 2 more | 6 Debian Linux, Fedora, Go and 3 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | |||||
CVE-2021-30996 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2021-1900 | 1 Qualcomm | 180 Apq8009, Apq8009 Firmware, Apq8009w and 177 more | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2021-24000 | 1 Mozilla | 1 Firefox | 2024-02-28 | 2.6 LOW | 3.1 LOW |
A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88. | |||||
CVE-2021-29265 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70. | |||||
CVE-2021-30995 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-02-28 | 5.1 MEDIUM | 7.0 HIGH |
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges. | |||||
CVE-2020-36440 | 1 Libsbc Project | 1 Libsbc | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder<R>, it implements Send for any R: Read. | |||||
CVE-2021-0443 | 1 Google | 1 Android | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-170474245 | |||||
CVE-2021-25158 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |