Total
1495 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13173 | 1 Teradici | 2 Pcoip Graphics Agent, Pcoip Standard Agent | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe. | |||||
| CVE-2021-39686 | 1 Google | 1 Android | 2022-07-12 | 6.9 MEDIUM | 7.0 HIGH |
| In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel | |||||
| CVE-2022-33915 | 1 Amazon | 1 Hotpatch | 2022-07-05 | 4.4 MEDIUM | 7.0 HIGH |
| Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046; it provides a temporary mitigation to CVE-2021-44228 by hotpatching the local Java virtual machines. To do so, it iterates through all running Java processes, performs several checks, and executes the Java virtual machine with the same permissions and capabilities as the running process to load the hotpatch. A local user could cause the hotpatch script to execute a binary with elevated privileges by running a custom java process that performs exec() of an SUID binary after the hotpatch has observed the process path and before it has observed its effective user ID. | |||||
| CVE-2022-30028 | 1 Dradisframework | 1 Dradis | 2022-07-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. | |||||
| CVE-2020-36437 | 1 Conqueue Project | 1 Conqueue | 2022-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the conqueue crate before 0.4.0 for Rust. There are unconditional implementations of Send and Sync for QueueSender<T>. | |||||
| CVE-2020-36435 | 1 Ruspiro-singleton Project | 1 Ruspiro-singleton | 2022-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the ruspiro-singleton crate before 0.4.1 for Rust. In Singleton, Send and Sync do not have bounds checks. | |||||
| CVE-2021-27216 | 1 Exim | 1 Exim | 2022-06-28 | 6.3 MEDIUM | 6.3 MEDIUM |
| Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options. | |||||
| CVE-2020-36444 | 1 Async-coap Project | 1 Async-coap | 2022-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Send and Sync are implemented for ArcGuard<RC, T> without trait bounds on RC. | |||||
| CVE-2021-1958 | 1 Qualcomm | 76 Qca6574a, Qca6574a Firmware, Qca6574au and 73 more | 2022-06-28 | 4.4 MEDIUM | 6.4 MEDIUM |
| A race condition in fastrpc kernel driver for dynamic process creation can lead to use after free scenario in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2020-36441 | 1 Abox Project | 1 Abox | 2022-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the abox crate before 0.4.1 for Rust. It implements Send and Sync for AtomicBox<T> with no requirement for T: Send and T: Sync. | |||||
| CVE-2020-36445 | 1 Project | 1 Convec | 2022-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the convec crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for ConVec<T>. | |||||
| CVE-2021-0564 | 1 Google | 1 Android | 2022-06-28 | 4.4 MEDIUM | 6.4 MEDIUM |
| In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176495665 | |||||
| CVE-2020-36446 | 1 Signal-simple Project | 1 Signal-simple | 2022-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for SyncChannel<T>. | |||||
| CVE-2020-36440 | 1 Libsbc Project | 1 Libsbc | 2022-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder<R>, it implements Send for any R: Read. | |||||
| CVE-2021-0476 | 1 Google | 1 Android | 2022-06-28 | 6.9 MEDIUM | 7.0 HIGH |
| In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-169252501 | |||||
| CVE-2021-0652 | 1 Google | 1 Android | 2022-06-28 | 7.2 HIGH | 7.8 HIGH |
| In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568 | |||||
| CVE-2020-36438 | 1 Tiny Future Project | 1 Tiny Future | 2022-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future<T> does not have bounds on its Send and Sync traits. | |||||
| CVE-2020-36454 | 1 Parc Project | 1 Parc | 2022-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the parc crate through 2020-11-14 for Rust. LockWeak<T> has an unconditional implementation of Send without trait bounds on T. | |||||
| CVE-2020-36439 | 1 Ticketed Lock Project | 1 Ticketed Lock | 2022-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket<T> and WriteTicket<T>. | |||||
| CVE-2020-36436 | 1 Unicycle Project | 1 Unicycle | 2022-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab<T> and Unordered<T, S> do not have bounds on their Send and Sync traits. | |||||