Total
159 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-0529 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In memory management driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195268 | |||||
CVE-2021-38203 | 2 Linux, Netapp | 7 Linux Kernel, Element Software, Hci Bootstrap Os and 4 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info. | |||||
CVE-2021-31785 | 1 Actions-semi | 10 Ats2815, Ats2815 Firmware, Ats2819 and 7 more | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication. | |||||
CVE-2021-20291 | 3 Fedoraproject, Redhat, Storage Project | 4 Fedora, Enterprise Linux, Openshift Container Platform and 1 more | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS). | |||||
CVE-2021-31786 | 1 Actions-semi | 10 Ats2815, Ats2815 Firmware, Ats2819 and 7 more | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host. | |||||
CVE-2021-31422 | 1 Parallels | 1 Parallels Desktop | 2023-12-10 | 4.4 MEDIUM | 7.5 HIGH |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12527. | |||||
CVE-2021-31427 | 1 Parallels | 1 Parallels Desktop | 2023-12-10 | 1.9 LOW | 5.6 MEDIUM |
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13082. | |||||
CVE-2020-0423 | 2 Debian, Google | 2 Debian Linux, Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A | |||||
CVE-2020-0420 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162383705 | |||||
CVE-2021-26708 | 2 Linux, Netapp | 12 Linux Kernel, 500f, A250 and 9 more | 2023-12-10 | 6.9 MEDIUM | 7.0 HIGH |
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. | |||||
CVE-2020-9959 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-10 | 2.1 LOW | 2.4 LOW |
A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. | |||||
CVE-2020-15668 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | |||||
CVE-2020-27035 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213 | |||||
CVE-2020-9946 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period. | |||||
CVE-2021-28951 | 3 Fedoraproject, Linux, Netapp | 11 Fedora, Linux Kernel, A250 and 8 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. | |||||
CVE-2020-29661 | 6 Broadcom, Debian, Fedoraproject and 3 more | 18 Fabric Operating System, Debian Linux, Fedora and 15 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | |||||
CVE-2020-29660 | 5 Broadcom, Debian, Fedoraproject and 2 more | 17 Fabric Operating System, Debian Linux, Fedora and 14 more | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. | |||||
CVE-2020-10573 | 1 Meetecho | 1 Janus | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge. | |||||
CVE-2020-13246 | 1 Gitea | 1 Gitea | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another. | |||||
CVE-2020-12771 | 6 Canonical, Debian, Linux and 3 more | 37 Ubuntu Linux, Debian Linux, Linux Kernel and 34 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. |