tomcat: Apache Tomcat HTTP/2 Request mix-up

A flaw was found in Apache Tomcat. If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - fro...

The vulnerability of the dbus utility in the “Avrora” operating system allows a hacker to trigger the racing mode and perform a service denial.

The vulnerability of the dbus utility in the “Avrora” operating system is related to the simultaneous, numerous accesses by an application to the hardware components. Exploiting this vulnerability allows a perpetrator to trigger a race condition and cause a service failure by running multiple...

FreeBSD 竞争条件问题漏洞

FreeBSD is a set of Unix-like operating systems from the Freebsd Foundation. FreeBSD suffers from a Competing Conditions Problem vulnerability that arises from improper handling of concurrent accesses during operation of a networked system or product where concurrent code requires mutually...

PT-2021-4740 · Apple · Webkit +1

Name of the Vulnerable Software and Affected Versions: Mac OS affected versions not specified Description: The issue is related to a module for displaying web pages in WebKit, which is part of the Mac OS operating system family. It involves the possibility of concurrent execution using a shared...

Puma 环境问题漏洞

Puma is a web server for highly concurrent applications by Evan Phoenix, an individual developer in the United States. Puma is vulnerable to an environmental issue that arises from improper design or implementation during code development of a web system or product...

Mozilla Rust Buffer Overflow Vulnerability (CNVD-2021-85300)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause errors in data contention in concurrent programs...

Huawei HarmonyOS 竞争条件问题漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A competitive condition issue vulnerability exists in Huawei HarmonyOS, which arises from improper handling of concurrent accesses when a component of the...

Data races in v9

Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone & T::fmt. It is possible to create da...

GHSA-PFJQ-935C-4895 Data races in v9

Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone & T::fmt. It is possible to create da...

Data races in tiny_future

tinyfuture contains a light-weight implementation of Futures. The Future type it has lacked bound on its Send and Sync traits. This allows for a bug where non-thread safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit c79191...

GHSA-M296-J53X-XV95 Data races in tiny_future

tinyfuture contains a light-weight implementation of Futures. The Future type it has lacked bound on its Send and Sync traits. This allows for a bug where non-thread safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit c79191...

GHSA-VJ88-5667-W56P Singleton lacks bounds on Send and Sync.

Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...

Singleton lacks bounds on Send and Sync.

Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...

GHSA-JWPH-QP5H-F9WJ Data races in bunch

An issue was discovered in the bunch crate through 2020-11-12 for Rust. Affected versions of this crate unconditionally implements Send/Sync for Bunch. This allows users to insert T: !Sync to Bunch. It is possible to create a data race to a T: !Sync by invoking the Bunch::get API which returns &T...

Data races in async-coap

An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Affected versions of this crate implement Send/Sync for ArcGuard with no trait bounds on RC. This allows users to send RC: !Send to other threads and also allows users to concurrently access Rc: !Sync from multiple...

Data race in tiny_future

tinyfuture contains a light-weight implementation of Futures. The Future type it has lacked bound on its Send and Sync traits. This allows for a bug where non-thread safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit c79191...

GHSA-FG42-VWXX-XX5J Data race in tiny_future

tinyfuture contains a light-weight implementation of Futures. The Future type it has lacked bound on its Send and Sync traits. This allows for a bug where non-thread safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit c79191...

Data race in ruspiro-singleton

Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...

GHSA-FQQ2-XP7M-XVM8 Data race in ruspiro-singleton

Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...

Data races in parc

In the affected versions of this crate, LockWeak unconditionally implemented Send with no trait bounds on T. LockWeak doesn't own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races...