Total
1661 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-43980 | 3 Apache, Debian, Redhat | 3 Tomcat, Debian Linux, Jboss Enterprise Web Server | 2024-08-04 | 3.7 Low |
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. | ||||
CVE-2021-43566 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2024-08-04 | 2.5 Low |
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. | ||||
CVE-2021-43538 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-08-04 | 4.3 Medium |
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
CVE-2021-43411 | 1 Gnu | 1 Hurd | 2024-08-04 | 7.5 High |
An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access. | ||||
CVE-2021-41025 | 1 Fortinet | 1 Fortiweb | 2024-08-04 | 7.3 High |
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer. | ||||
CVE-2021-40490 | 4 Debian, Fedoraproject, Linux and 1 more | 29 Debian Linux, Fedora, Linux Kernel and 26 more | 2024-08-04 | 7.0 High |
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. | ||||
CVE-2021-40015 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-04 | 4.7 Medium |
There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful exploitation of this vulnerability may affect kernel stability. | ||||
CVE-2021-39792 | 1 Google | 1 Android | 2024-08-04 | 4.1 Medium |
In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernel | ||||
CVE-2021-39735 | 1 Google | 1 Android | 2024-08-04 | 6.4 Medium |
In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151455484References: N/A | ||||
CVE-2021-39727 | 1 Google | 1 Android | 2024-08-04 | 4.1 Medium |
In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196388042References: N/A | ||||
CVE-2021-39713 | 2 Debian, Google | 2 Debian Linux, Android | 2024-08-04 | 7.0 High |
Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel | ||||
CVE-2021-39679 | 1 Google | 1 Android | 2024-08-04 | 7.0 High |
In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188745089References: N/A | ||||
CVE-2021-39712 | 1 Google | 1 Android | 2024-08-04 | 6.4 Medium |
In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/A | ||||
CVE-2021-39660 | 1 Google | 1 Android | 2024-08-04 | 7.0 High |
In TBD of TBD, there is a possible way to archive arbitrary code execution in kernel due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-254742984 | ||||
CVE-2021-39686 | 1 Google | 1 Android | 2024-08-04 | 7.0 High |
In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel | ||||
CVE-2021-39648 | 1 Google | 1 Android | 2024-08-04 | 4.1 Medium |
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel | ||||
CVE-2021-39642 | 1 Google | 1 Android | 2024-08-04 | 6.4 Medium |
In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195731663References: N/A | ||||
CVE-2021-39629 | 1 Google | 1 Android | 2024-08-04 | 7.0 High |
In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197353344 | ||||
CVE-2021-39212 | 1 Imagemagick | 1 Imagemagick | 2024-08-04 | 4.4 Medium |
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />. | ||||
CVE-2021-38587 | 1 Cpanel | 1 Cpanel | 2024-08-04 | 7.5 High |
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586). |