Lucene search

3909 matches found

Github Security Blog
added 2021/08/25 9:0 p.m. | 17 views

Data races in unicycle

Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...

1.8 AI score
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2021/08/25 8:58 p.m. | 25 views

Data races in unicycle

Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...

8.1 CVSS | 8 AI score | 0.00766 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Github Security Blog
added 2021/08/25 8:51 p.m. | 31 views

Improper synchronization in buttplug

An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider !Send|!Sync objects, leading to a data race...

5.9 CVSS | 5.7 AI score | 0.01107 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2021/08/25 8:51 p.m. | 19 views

GHSA-R7RV-2RPH-HVHJ Improper synchronization in buttplug

An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider !Send|!Sync objects, leading to a data race...

5.9 CVSS | 5.5 AI score | 0.01107 EPSS
Exploits: 1 | References: 4

Github Security Blog
added 2021/08/25 8:51 p.m. | 22 views

Data race in atomic-option

An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption implements Sync unconditionally, a data race can occur...

5.9 CVSS | 5.7 AI score | 0.01107 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Github Security Blog
added 2021/08/25 8:44 p.m. | 28 views

Improper Input Validation in renderdoc

Affected versions of this crate exposed several methods which took self by immutable reference, despite requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...

9.8 CVSS | 8.8 AI score | 0.01796 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2021/08/25 8:44 p.m. | 10 views

GHSA-VHFR-V4W9-45V8 Improper Input Validation in renderdoc

Affected versions of this crate exposed several methods which took self by immutable reference, despite requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...

9.8 CVSS | 9.3 AI score | 0.01796 EPSS
Exploits: 0 | References: 4

BDU FSTEC
added 2021/08/25 12:0 a.m. | 4 views

The vulnerability of the WebAudio component in the Google Chrome browser allows a hacker to execute arbitrary code.

The vulnerability of Google Chrome’s WebAudio component is caused by synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...

10 CVSS | 7 AI score | 0.03874 EPSS
Exploits: 1 | References: 10 | Affected Software: 4

OSV
added 2021/08/24 7:15 p.m. | 2 views

CVE-2021-30904

A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage...

5.3 CVSS | 5.8 AI score | 0.00804 EPSS
Exploits: 0 | References: 1

CNNVD
added 2021/08/24 12:0 a.m. | 3 views

Apple macOS Security Vulnerability

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Monterey before 12.0.1. The vulnerability stems from the possibility that a user's messages may continue to synchronize after the user exits iMessage...

5.3 CVSS | 5.8 AI score | 0.00804 EPSS
Exploits: 0 | References: 1

Prion
added 2021/08/18 6:15 p.m. | 23 views

Design/Logic Flaw

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches th...

4.4 CVSS | 6.8 AI score | 0.00474 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2021/08/18 5:25 p.m. | 68 views

CVE-2021-37617

Summary of CVE-2021-37617: The Nextcloud Desktop Client (Windows) contains a vendor- and user-controlled uninstall search path flaw. In versions 3.0.3 through 3.2.4, the client searches for an Uninstall.exe file in a folder writable by regular users. A malicious user could place a crafted Uninst...

7.3 CVSS | 6.9 AI score | 0.00474 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2021/08/18 4:15 p.m. | 19 views

CVE-2021-32728

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...

6.5 CVSS | 6.4 AI score
Exploits: 0 | References: 4

GitLab Advisory Database
added 2021/08/13 12:0 a.m. | 33 views

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...

5.9 CVSS | 6.7 AI score | 0.01522 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

OPENSUSE Linux
added 2021/08/12 12:0 a.m. | 121 views

Security update for SUSE Manager Client Tools (moderate)

openSUSE Security Update: Security update for SUSE Manager Client Tools Announcement ID: openSUSE-SU-2021:2675-1 Rating: moderate References: 1175478 1186242 1186508 1186581 1186650 1188846 SLE-18254 Cross-References: CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-29622 CVSS...

7.5 CVSS | 7 AI score | 0.1956 EPSS
Exploits: 0 | References: 7

OSV
added 2021/08/08 6:15 a.m. | 2 views

CVE-2020-36451

An issue was discovered in the rcucell crate through 2020-11-14 for Rust. There are unconditional implementations of Send and Sync for RcuCell...

8.1 CVSS | 5.8 AI score | 0.01249 EPSS
Exploits: 1 | References: 2

OSV
added 2021/08/08 6:15 a.m. | 4 views

CVE-2020-36442

An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has no Sync bound on its Send trait...

8.1 CVSS | 5.8 AI score | 0.00766 EPSS
Exploits: 0 | References: 2

CNNVD
added 2021/08/08 12:0 a.m. | 5 views

Rust Command Injection Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Rust suffers from a command injection vulnerability that stems from the cache crate in Rust having an unconditional send and synchronization implementation for cache...

8.1 CVSS | 7.7 AI score | 0.01098 EPSS
Exploits: 1 | References: 3

CNNVD
added 2021/08/08 12:0 a.m. | 4 views

Rust Race Condition Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A command injection vulnerability exists in Mozilla Rust, which stems from Rust's v9 crate and has an unconditional synchronization implementation for SyncRef. No detailed vulnerability details are currently...

8.1 CVSS | 5.6 AI score | 0.01059 EPSS
Exploits: 1 | References: 3

Prion
added 2021/08/05 9:15 p.m. | 22 views

Design/Logic Flaw

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions...

7.8 CVSS | 7.5 AI score | 0.01497 EPSS
Exploits: 0 | References: 2 | Affected Software: 4