Search
Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0423 | 2 Debian, Google | 2 Debian Linux, Android | 2022-04-28 | 7.2 HIGH | 7.8 HIGH |
| In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A | |||||
| CVE-2020-12771 | 6 Canonical, Debian, Linux and 3 more | 37 Ubuntu Linux, Debian Linux, Linux Kernel and 34 more | 2022-04-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. | |||||
| CVE-2021-20315 | 2 Centos, Gnome | 2 Stream, Gnome-shell | 2022-02-28 | 3.6 LOW | 6.1 MEDIUM |
| A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked. | |||||
| CVE-2022-22175 | 1 Juniper | 45 Junos, Mx10, Mx10000 and 42 more | 2022-01-26 | 4.3 MEDIUM | 7.5 HIGH |
| An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flowprocessing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can occur in a scenario where the SIP ALG is enabled and specific SIP messages are being processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. | |||||
| CVE-2022-20016 | 2 Google, Mediatek | 17 Android, Mt6781, Mt6785 and 14 more | 2022-01-11 | 4.6 MEDIUM | 6.7 MEDIUM |
| In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862986; Issue ID: ALPS05862986. | |||||
| CVE-2021-39656 | 1 Google | 1 Android | 2021-12-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel | |||||
| CVE-2021-39647 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198713939References: N/A | |||||
| CVE-2020-29661 | 6 Broadcom, Debian, Fedoraproject and 3 more | 18 Fabric Operating System, Debian Linux, Fedora and 15 more | 2021-11-30 | 7.2 HIGH | 7.8 HIGH |
| A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | |||||
| CVE-2020-29660 | 5 Broadcom, Debian, Fedoraproject and 2 more | 17 Fabric Operating System, Debian Linux, Fedora and 14 more | 2021-11-30 | 2.1 LOW | 4.4 MEDIUM |
| A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. | |||||
| CVE-2021-1622 | 1 Cisco | 13 7600 Router, Asr 901-12c-f-d, Asr 901-12c-ft-d and 10 more | 2021-11-23 | 4.3 MEDIUM | 8.6 HIGH |
| A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due to a deadlock condition in the code when processing COPS packets under certain conditions. An attacker could exploit this vulnerability by sending COPS packets with high burst rates to an affected device. A successful exploit could allow the attacker to cause the CPU to consume excessive resources, which prevents other control plane processes from obtaining resources and results in a DoS. | |||||
| CVE-2021-41213 | 1 Google | 1 Tensorflow | 2021-11-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2019-1732 | 1 Cisco | 18 Nexus 3000, Nexus 3100, Nexus 3100-z and 15 more | 2021-11-03 | 6.9 MEDIUM | 6.4 MEDIUM |
| A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device. | |||||
| CVE-2021-0625 | 1 Google | 1 Android | 2021-10-26 | 7.2 HIGH | 6.7 MEDIUM |
| In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996. | |||||
| CVE-2018-0381 | 1 Cisco | 1 Aironet Access Points | 2021-09-13 | 5.5 MEDIUM | 6.8 MEDIUM |
| A vulnerability in the Cisco Aironet Series Access Points (APs) software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a deadlock condition that may occur when an affected AP attempts to dequeue aggregated traffic that is destined to an attacker-controlled wireless client. An attacker who can successfully transition between multiple Service Set Identifiers (SSIDs) hosted on the same AP while replicating the required traffic patterns could trigger the deadlock condition. A watchdog timer that detects the condition will trigger a reload of the device, resulting in a DoS condition while the device restarts. | |||||
| CVE-2020-27035 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213 | |||||
| CVE-2020-0357 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150225569 | |||||
| CVE-2020-0420 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162383705 | |||||
| CVE-2021-0529 | 1 Google | 1 Android | 2021-06-23 | 4.6 MEDIUM | 7.8 HIGH |
| In memory management driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195268 | |||||
| CVE-2019-11599 | 1 Linux | 1 Linux Kernel | 2021-06-14 | 6.9 MEDIUM | 7.0 HIGH |
| The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. | |||||
| CVE-2019-14898 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2021-06-14 | 6.9 MEDIUM | 7.0 HIGH |
| The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls. | |||||
| CVE-2021-20291 | 3 Fedoraproject, Redhat, Storage Project | 4 Fedora, Enterprise Linux, Openshift Container Platform and 1 more | 2021-06-02 | 7.1 HIGH | 6.5 MEDIUM |
| A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS). | |||||
| CVE-2021-31422 | 1 Parallels | 1 Parallels Desktop | 2021-05-10 | 4.4 MEDIUM | 7.5 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12527. | |||||
| CVE-2021-31427 | 1 Parallels | 1 Parallels Desktop | 2021-05-05 | 1.9 LOW | 5.6 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13082. | |||||
| CVE-2020-12658 | 2 Debian, Gssproxy Project | 2 Debian Linux, Gssproxy | 2021-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem." | |||||
| CVE-2019-15513 | 2 Motorola, Openwrt | 5 C1 Mwr03, C1 Mwr03 Firmware, Cx2l Mwr04l and 2 more | 2021-01-03 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang. | |||||
| CVE-2019-3901 | 3 Debian, Linux, Netapp | 11 Debian Linux, Linux Kernel, Active Iq Unified Manager For Vmware Vsphere and 8 more | 2020-12-04 | 1.9 LOW | 4.7 MEDIUM |
| A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. | |||||
| CVE-2020-9946 | 1 Apple | 3 Ipad Os, Iphone Os, Watchos | 2020-11-15 | 4.6 MEDIUM | 6.8 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period. | |||||
| CVE-2020-9959 | 1 Apple | 2 Ipad Os, Iphone Os | 2020-11-15 | 2.1 LOW | 2.4 LOW |
| A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. | |||||
| CVE-2019-1649 | 1 Cisco | 190 1120 Connected Grid Router, 1240 Connected Grid Router, 15454-m-wse-k9 and 187 more | 2020-10-16 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform. | |||||
| CVE-2020-15668 | 1 Mozilla | 1 Firefox | 2020-10-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | |||||
| CVE-2018-15390 | 1 Cisco | 1 Firepower Threat Defense | 2020-08-31 | 7.1 HIGH | 6.8 MEDIUM |
| A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to release spinlocks when a device is running low on system memory, if the software is configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associated with an FTP file policy. An attacker could exploit this vulnerability by sending a high rate of transit traffic through an affected device to cause a low-memory condition on the device. A successful exploit could allow the attacker to cause a software panic on the affected device, which could cause the device to reload and result in a temporary DoS condition. | |||||
| CVE-2019-5886 | 1 Shopxo | 1 Shopxo | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system reinstallation. | |||||
| CVE-2019-6322 | 1 Hp | 8 Z4 G4 Core-x Workstation, Z4 G4 Core-x Workstation Firmware, Z4 G4 Workstation and 5 more | 2020-08-24 | 9.0 HIGH | 6.8 MEDIUM |
| HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default. | |||||
| CVE-2019-6321 | 1 Hp | 8 Z4 G4 Core-x Workstation, Z4 G4 Core-x Workstation Firmware, Z4 G4 Workstation and 5 more | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default. | |||||
| CVE-2019-13762 | 2 Google, Microsoft | 2 Chrome, Windows | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. | |||||
| CVE-2018-1000127 | 4 Canonical, Debian, Memcached and 1 more | 4 Ubuntu Linux, Debian Linux, Memcached and 1 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later. | |||||
| CVE-2019-6156 | 1 Lenovo | 354 330-14igm, 330-14igm Firmware, 330-15igm and 351 more | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. | |||||
| CVE-2020-13246 | 1 Gitea | 1 Gitea | 2020-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another. | |||||
| CVE-2020-10573 | 1 Meetecho | 1 Janus | 2020-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge. | |||||