Denial Of Service (DoS)

crypto/x509 is vulnerable to denial of service DoS. The attack is possible due to concurrent reading of the request body and writing of a response by the Handler, leading to data race and application crash...

Sandbox Restrictions Bypass

openjdk is vulnerable to sandbox restrictions bypass. Bypass of boundary checks in nio.Buffer via concurrent access allows an attacker to escape the sandbox and obtain higher privileges...

OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVE-2020-1839

HUAWEI Mate 30 with versions earlier than 10.1.0.150C00E136R5P3 have a race condition vulnerability. There is a timing window exists in which certain pointer members can be modified by another process that is operating concurrently, an attacker should trick the user into running a crafted...

DEBIAN-CVE-2020-11996

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...

CVE-2020-0232

Function abcpcieissuedmaxfersync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abcpciedmauserxferclean. If this happens, abcpciestartdmaxfer and...

CVE-2020-0232

Function abcpcieissuedmaxfersync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abcpciedmauserxferclean. If this happens, abcpciestartdmaxfer and...

CVE-2020-13432

The CVE-2020-13432 entry concerns rejetto HFS (HTTP File Server) v2.3m Build 300. The connected docs confirm a remote buffer overflow that, under concurrent HTTP requests with long URIs or long headers, can trigger an invalid-pointer write access violation in hfs.exe, effectively enabling remote ...

The vulnerability of the load_aout_binary() function in the Linux operating system’s kernel allows a hacker to bypass the ASLR protection mechanism.

The vulnerability of the loadaoutbinary function in the Linux operating system arises due to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to bypass the ASLR protection mechanism in programs with setuid a.out...

Unauthorized Access

Soteria is vulnerable to unauthorized access. A security identity corruption across concurrent threads occurs when multiple concurrent requests are parsed...

Soteria: security identity corruption across concurrent threads

A flaw was found in WildFly where multiple requests occurring concurrently could be handled using the identity of another request. This vulnerability occurs when using EE Security with WildFly Elytron. The largest threat from this vulnerability is data confidentiality and integrity...

Soteria: security identity corruption across concurrent threads

A flaw was found in WildFly where multiple requests occurring concurrently could be handled using the identity of another request. This vulnerability occurs when using EE Security with WildFly Elytron. The largest threat from this vulnerability is data confidentiality and integrity...

Soteria: security identity corruption across concurrent threads

A flaw was found in WildFly where multiple requests occurring concurrently could be handled using the identity of another request. This vulnerability occurs when using EE Security with WildFly Elytron. The largest threat from this vulnerability is data confidentiality and integrity...

DEBIAN-CVE-2020-12769

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dwspiirq and dwspitransferone, aka CID-19b61392c5a8...

Design/Logic Flaw

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dwspiirq and dwspitransferone, aka CID-19b61392c5a8...

CVE-2020-12769

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dwspiirq and dwspitransferone, aka CID-19b61392c5a8...

CVE-2020-12769

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dwspiirq and dwspitransferone, aka CID-19b61392c5a8...

CVE-2020-1732

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request...