Total
53 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-32609 | 2 Google, Mediatek | 32 Android, Mt6762, Mt6768 and 29 more | 2024-02-28 | N/A | 6.4 MEDIUM |
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410. | |||||
CVE-2022-1931 | 1 Trudesk Project | 1 Trudesk | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
CVE-2022-25210 | 1 Jenkins | 1 Convertigo Mobile Platform | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured. | |||||
CVE-2021-41213 | 1 Google | 1 Tensorflow | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
CVE-2021-36305 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB. | |||||
CVE-2021-25376 | 1 Samsung | 1 Email | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed. | |||||
CVE-2021-20592 | 1 Mitsubishielectric | 7 Got2000 Gt23, Got2000 Gt23 Firmware, Got2000 Gt25 and 4 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover. | |||||
CVE-2021-30904 | 1 Apple | 1 Macos | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage. | |||||
CVE-2020-25668 | 3 Debian, Linux, Netapp | 26 Debian Linux, Linux Kernel, 500f and 23 more | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | |||||
CVE-2018-25008 | 1 Rust-lang | 1 Rust | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions. | |||||
CVE-2020-36220 | 1 Va-ts Project | 1 Va-ts | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur. | |||||
CVE-2020-36215 | 1 Hashconsing Project | 1 Hashconsing | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur. | |||||
CVE-2020-36206 | 1 Rusb Project | 1 Rusb | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur. | |||||
CVE-2020-36208 | 1 Conquer-once Project | 1 Conquer-once | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption. | |||||
CVE-2020-36217 | 1 May Queue Project | 1 May Queue | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur. | |||||
CVE-2020-3471 | 1 Cisco | 1 Webex Meetings Server | 2024-02-28 | 5.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled. | |||||
CVE-2020-36207 | 1 Aovec Project | 1 Aovec | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | |||||
CVE-2020-14098 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | |||||
CVE-2020-36211 | 1 Devolutions | 1 Gfwx | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | |||||
CVE-2020-36216 | 1 Petabi | 1 Eventio | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur. |