2562 matches found

OSV
added 2021/08/25 8:58 p.m. · 20 views

GHSA-FG42-VWXX-XX5J Data race in tiny_future

tiny_future contains a light-weight implementation of Futures. Its Future type lacked bounds on its Send and Sync traits. This allows for a bug where non-thread-safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit c79191...

CVSS 8.1 · AI score 7.8 · EPSS 0.00766
Exploits: 0 · References: 6

GitHub Security Blog
added 2021/08/25 8:58 p.m. · 23 views

Data race in tiny_future

tiny_future contains a light-weight implementation of Futures. Its Future type lacked bounds on its Send and Sync traits. This allows for a bug where non-thread-safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit c79191...

CVSS 8.1 · AI score 7.7 · EPSS 0.00766
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2021/08/25 8:58 p.m. · 14 views

GHSA-FQQ2-XP7M-XVM8 Data race in ruspiro-singleton

Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...

CVSS 8.1 · AI score 7.8 · EPSS 0.00766
Exploits: 0 · References: 7

GitHub Security Blog
added 2021/08/25 8:58 p.m. · 23 views

Data race in ruspiro-singleton

Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...

CVSS 8.1 · AI score 7.6 · EPSS 0.00766
Exploits: 0 · References: 7 · Affected Software: 1

GitHub Security Blog
added 2021/08/25 8:57 p.m. · 32 views

Data races in parc

In the affected versions of this crate, LockWeak unconditionally implemented Send with no trait bounds on T. LockWeak doesn't own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races...

CVSS 8.1 · AI score 7.7 · EPSS 0.00833
Exploits: 1 · References: 5 · Affected Software: 1

GitHub Security Blog
added 2021/08/25 8:51 p.m. · 32 views

Data races in hashconsing

Affected versions of hashconsing implement Send/Sync for its HConsed type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads, leading to undefined behavior and memory corruption in concurrent programs...

CVSS 7.5 · AI score 7.5 · EPSS 0.0136
Exploits: 1 · References: 4 · Affected Software: 1

GitHub Security Blog
added 2021/08/25 8:50 p.m. · 30 views

Data races in conquer-once

Affected versions of conquer-once implement Sync for its OnceCell type without restricting it to Sendable types. This allows non-Send but Sync types such as MutexGuard to be sent across threads, leading to undefined behavior and memory corruption in concurrent programs. The issue was fixed by...

CVSS 7.8 · AI score 7.5 · EPSS 0.00426
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2021/08/25 8:50 p.m. · 11 views

GHSA-3JC5-5HC5-33GJ Data races in conquer-once

Affected versions of conquer-once implement Sync for its OnceCell type without restricting it to Sendable types. This allows non-Send but Sync types such as MutexGuard to be sent across threads, leading to undefined behavior and memory corruption in concurrent programs. The issue was fixed by...

CVSS 7.8 · AI score 7.7 · EPSS 0.00426
Exploits: 1 · References: 4

GitLab Advisory Database
added 2021/08/13 12:00 a.m. · 36 views

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...

CVSS 5.9 · AI score 6.7 · EPSS 0.01522
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2021/08/03 1:37 a.m. · 10 views

UVI-2021-1001210 btrfs: fix deadlock with concurrent chunk allocations involving system chunks

btrfs: fix deadlock with concurrent chunk allocations involving system chunks. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.4 by commit...

AI score 7.2
Exploits: 0

CNNVD
added 2021/08/02 12:00 a.m. · 5 views

Crossbeam race condition vulnerability

Crossbeam is a tool for individual developers that applies to concurrent programming. A security vulnerability exists in crossbeam-deque, which is used to build task schedulers when programming in Rust...

CVSS 9.8 · AI score 8.3 · EPSS 0.01923
Exploits: 0 · References: 35

CNNVD
added 2021/07/22 12:00 a.m. · 6 views

PJSIP race condition vulnerability

PJSIP is a free and open source multimedia communications library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A contention problem vulnerability exists in PJSIP, which stems from improper handling of concurrent access when concurrent code need...

CVSS 5.9 · AI score 5.8 · EPSS 0.02082
Exploits: 0 · References: 15

Prion
added 2021/07/09 7:15 p.m. · 21 views

Race condition

A concurrent execution using shared resource with improper synchronization 'race condition' in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands...

CVSS 6.3 · AI score 5.4 · EPSS 0.00503
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2021/07/09 6:26 p.m. · 14 views

CVE-2020-29014

A concurrent execution using shared resource with improper synchronization 'race condition' in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands...

CVSS 6.3 · AI score 7.2 · EPSS 0.00503
Exploits: 0 · References: 1

Positive Technologies
added 2021/06/30 12:00 a.m. · 4 views

PT-2021-7946 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux Kernel, affected versions not specified. Description: A flaw was found in the pfn swap entry to page function in the memory management subsystem of the Linux Kernel. This issue is related to a race condition and can be exploited by an...

CVSS 8.8 · AI score 7.4 · EPSS 0.03882
Exploits: 8 · References: 405

OSV
added 2021/06/29 7:15 p.m. · 5 views

CVE-2021-22340

There is a multiple-thread race condition vulnerability in a Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cau...

CVSS 4.1 · AI score 5.8 · EPSS 0.00114
Exploits: 0 · References: 1

OSV
added 2021/06/24 7:15 p.m. · 1 view

CVE-2021-29777

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. IBM X-Force ID: 203031...

CVSS 6.5 · AI score 6.7 · EPSS 0.01369
Exploits: 0 · References: 3

Microsoft CVE
added 2021/06/23 7:00 a.m. · 6 views

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library which has the surprising side-effect that if an application sets up multiple concurrent transfers the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario this weakens transport security significantly.

...

CVSS 5.3 · AI score 5.5 · EPSS 0.02979
Exploits: 1

CNNVD
added 2021/06/23 12:00 a.m. · 2 views

IBM DB2 security vulnerability

IBM DB2 is a set of relational database management system from IBM in the United States. The system executes on UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 for Linux, UNIX, and Windows including Db2 Connect Server that stems from a specific...

CVSS 6.5 · AI score 6.7 · EPSS 0.01369
Exploits: 0 · References: 10

NVD
added 2021/06/22 7:15 p.m. · 17 views

CVE-2021-22378

There is a race condition vulnerability in eCNS280TD V100R005C00 and V100R005C10. A timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal...

CVSS 5.3 · EPSS 0.00398
Exploits: 0 · References: 1