| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file. |
| An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow an attacker to bypass bruteforce protections via exploitation of race conditions. The latter raises the complexity of practical exploitation. |
| In the Linux kernel, the following vulnerability has been resolved:
espintcp: Fix race condition in espintcp_close()
This issue was discovered during a code audit.
After cancel_work_sync() is called from espintcp_close(),
espintcp_tx_work() can still be scheduled from paths such as
the Delayed ACK handler or ksoftirqd.
As a result, the espintcp_tx_work() worker may dereference a
freed espintcp ctx or sk.
The following is a simple race scenario:
cpu0 cpu1
espintcp_close()
cancel_work_sync(&ctx->work);
espintcp_write_space()
schedule_work(&ctx->work);
To prevent this race condition, cancel_work_sync() is
replaced with disable_work_sync(). |
| In the Linux kernel, the following vulnerability has been resolved:
tls: Fix race condition in tls_sw_cancel_work_tx()
This issue was discovered during a code audit.
After cancel_delayed_work_sync() is called from tls_sk_proto_close(),
tx_work_handler() can still be scheduled from paths such as the
Delayed ACK handler or ksoftirqd.
As a result, the tx_work_handler() worker may dereference a freed
TLS object.
The following is a simple race scenario:
cpu0 cpu1
tls_sk_proto_close()
tls_sw_cancel_work_tx()
tls_write_space()
tls_sw_write_space()
if (!test_and_set_bit(BIT_TX_SCHEDULED, &tx_ctx->tx_bitmask))
set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask);
cancel_delayed_work_sync(&ctx->tx_work.work);
schedule_delayed_work(&tx_ctx->tx_work.work, 0);
To prevent this race condition, cancel_delayed_work_sync() is
replaced with disable_delayed_work_sync(). |
| Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.This issue affects Liderahenk: before v3.4.0. |
| Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network. |
| Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. |
| Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. |
| Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. |
| Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. |
| External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack. |
| Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally. |
