2562 matches found
CVE-2021-36181
A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...
iptables bug fix and enhancement update
The iptables utility controls the network packet filtering code in the Linux kernel. Bug Fixes and Enhancements: iptables-nft returns incorrect result for -C when concurrently running BZ1990016...
iptables bug fix and enhancement update
An update is available for iptables. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The iptables utility controls the network packet filtering code in the Linux...
多款Qualcomm产品安全漏洞
The Qualcomm QCA6574AU and others are products of Qualcomm Incorporated, U.S.A. The QCA6574AU is a central processing unit CPU product.The SDX24 is a modem.The SDX55 is a modem.The QCA6574AU is a central processing unit CPU product.The SDX24 is a modem.The SDX55 is a modem. A security vulnerabili...
The vulnerability relates to the SAPI extension of the PHP-FPM process runner, which is a PHP programming language interpreter. This vulnerability allows attackers to elevate their privileges to root.
The vulnerability of the SAPI extension for the PHP-FPM process interpreter involves access control issues when the processes are executed simultaneously. Exploiting this vulnerability can allow an attacker to gain elevated privileges to root...
tomcat: Apache Tomcat HTTP/2 Request mix-up
A flaw was found in Apache Tomcat. If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - fro...
The vulnerability of the dbus utility in the “Avrora” operating system allows a hacker to trigger the racing mode and perform a service denial.
The vulnerability of the dbus utility in the “Avrora” operating system is related to the simultaneous, numerous accesses by an application to the hardware components. Exploiting this vulnerability allows a perpetrator to trigger a race condition and cause a service failure by running multiple...
FreeBSD 竞争条件问题漏洞
FreeBSD is a set of Unix-like operating systems from the Freebsd Foundation. FreeBSD suffers from a Competing Conditions Problem vulnerability that arises from improper handling of concurrent accesses during operation of a networked system or product where concurrent code requires mutually...
PT-2021-4740 · Apple · Webkit +1
Name of the Vulnerable Software and Affected Versions: Mac OS affected versions not specified Description: The issue is related to a module for displaying web pages in WebKit, which is part of the Mac OS operating system family. It involves the possibility of concurrent execution using a shared...
Puma 环境问题漏洞
Puma is a web server for highly concurrent applications by Evan Phoenix, an individual developer in the United States. Puma is vulnerable to an environmental issue that arises from improper design or implementation during code development of a web system or product...
Mozilla Rust Buffer Overflow Vulnerability (CNVD-2021-85300)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause errors in data contention in concurrent programs...
Huawei HarmonyOS 竞争条件问题漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A competitive condition issue vulnerability exists in Huawei HarmonyOS, which arises from improper handling of concurrent accesses when a component of the...
GHSA-PFJQ-935C-4895 Data races in v9
Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone & T::fmt. It is possible to create da...
Data races in v9
Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone & T::fmt. It is possible to create da...
Data races in tiny_future
tinyfuture contains a light-weight implementation of Futures. The Future type it has lacked bound on its Send and Sync traits. This allows for a bug where non-thread safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit c79191...
GHSA-M296-J53X-XV95 Data races in tiny_future
tinyfuture contains a light-weight implementation of Futures. The Future type it has lacked bound on its Send and Sync traits. This allows for a bug where non-thread safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit c79191...
Singleton lacks bounds on Send and Sync.
Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...
GHSA-VJ88-5667-W56P Singleton lacks bounds on Send and Sync.
Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...
GHSA-JWPH-QP5H-F9WJ Data races in bunch
An issue was discovered in the bunch crate through 2020-11-12 for Rust. Affected versions of this crate unconditionally implements Send/Sync for Bunch. This allows users to insert T: !Sync to Bunch. It is possible to create a data race to a T: !Sync by invoking the Bunch::get API which returns &T...
Data races in async-coap
An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Affected versions of this crate implement Send/Sync for ArcGuard with no trait bounds on RC. This allows users to send RC: !Send to other threads and also allows users to concurrently access Rc: !Sync from multiple...