Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30904 | 1 Apple | 1 Macos | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage. | |||||
| CVE-2021-20592 | 1 Mitsubishielectric | 7 Got2000 Gt23, Got2000 Gt23 Firmware, Got2000 Gt25 and 4 more | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions 1.170C through 1.256S allows a remote unauthenticated attacker to cause DoS condition on the MODBUS/TCP slave communication function of the products by rapidly and repeatedly connecting and disconnecting to and from the MODBUS/TCP communication port on a target. Restart or reset is required to recover. | |||||
| CVE-2020-3471 | 1 Cisco | 1 Webex Meetings Server | 2023-11-07 | 5.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled. | |||||
| CVE-2020-25668 | 3 Debian, Linux, Netapp | 26 Debian Linux, Linux Kernel, 500f and 23 more | 2023-11-07 | 6.9 MEDIUM | 7.0 HIGH |
| A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | |||||
| CVE-2019-19577 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2023-11-07 | 7.2 HIGH | 7.2 HIGH |
| An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable. | |||||
| CVE-2022-25210 | 1 Jenkins | 1 Convertigo Mobile Platform | 2023-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured. | |||||
| CVE-2022-23005 | 2 Jedec, Westerndigital | 4 Universal Flash Storage, Inand Eu311 Mobile Mc Ufs, Inand Eu312 Automotive Xa At Ufs and 1 more | 2023-02-08 | N/A | 8.7 HIGH |
| Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers. | |||||
| CVE-2021-41213 | 1 Google | 1 Tensorflow | 2022-10-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-36305 | 1 Dell | 1 Emc Powerscale Onefs | 2022-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB. | |||||
| CVE-2022-1931 | 1 Trudesk Project | 1 Trudesk | 2022-06-08 | 5.5 MEDIUM | 8.1 HIGH |
| Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
| CVE-2018-4027 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2022-06-07 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or network inputs. An attacker can send a specially crafted packet to trigger this vulnerability. | |||||
| CVE-2020-12769 | 5 Canonical, Debian, Linux and 2 more | 36 Ubuntu Linux, Debian Linux, Linux Kernel and 33 more | 2022-05-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. | |||||
| CVE-2019-17185 | 2 Freeradius, Opensuse | 2 Freeradius, Leap | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. | |||||
| CVE-2019-17344 | 2 Debian, Xen | 2 Debian Linux, Xen | 2022-03-31 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. | |||||
| CVE-2020-7457 | 1 Freebsd | 1 Freebsd | 2022-01-04 | 6.8 MEDIUM | 8.1 HIGH |
| In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution. | |||||
| CVE-2016-8368 | 1 Mitsubishielectric | 6 Qj71e71-100, Qj71e71-100 Firmware, Qj71e71-b2 and 3 more | 2021-09-13 | 5.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. | |||||
| CVE-2020-36220 | 1 Va-ts Project | 1 Va-ts | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur. | |||||
| CVE-2020-36215 | 1 Hashconsing Project | 1 Hashconsing | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur. | |||||
| CVE-2020-36207 | 1 Aovec Project | 1 Aovec | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | |||||
| CVE-2020-36211 | 1 Devolutions | 1 Gfwx | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | |||||