| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-22412 |
667 |
|
DoS |
2023-01-13 |
2023-01-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue occurs when SIP ALG is enabled and specific SIP messages are processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on MX Series, or SRX Series. |
|
2 |
CVE-2022-42775 |
667 |
|
DoS Mem. Corr. |
2022-12-06 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. |
|
3 |
CVE-2022-42329 |
667 |
|
|
2022-12-07 |
2023-01-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). |
|
4 |
CVE-2022-42328 |
667 |
|
|
2022-12-07 |
2023-01-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). |
|
5 |
CVE-2022-39358 |
667 |
|
|
2022-10-26 |
2022-10-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6. |
|
6 |
CVE-2022-39131 |
667 |
|
DoS Mem. Corr. |
2022-12-06 |
2022-12-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. |
|
7 |
CVE-2022-31623 |
667 |
|
DoS |
2022-05-25 |
2022-11-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
|
8 |
CVE-2022-31621 |
667 |
|
DoS |
2022-05-25 |
2022-11-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
|
9 |
CVE-2022-24946 |
667 |
|
DoS |
2022-06-15 |
2022-08-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. "24061" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU the first 5 digits of serial No. "24061" and prior, Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-Q Series Q12DCCPU-V all versions, Mitsubishi Electric MELSEC-Q Series Q24DHCCPU-V(G) all versions, Mitsubishi Electric MELSEC-Q Series Q24/26DHCCPU-LS all versions, Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P) the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-L series L26CPU-(P)BT the first 5 digits of serial number "24051" and prior and Mitsubishi Electric MELIPC Series MI5122-VW firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. A system reset of the products is required for recovery. |
|
10 |
CVE-2022-24329 |
667 |
|
|
2022-02-25 |
2022-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. |
|
11 |
CVE-2022-22175 |
667 |
|
DoS |
2022-01-19 |
2022-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flowprocessing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can occur in a scenario where the SIP ALG is enabled and specific SIP messages are being processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. |
|
12 |
CVE-2022-21775 |
667 |
|
|
2022-07-06 |
2022-07-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In sched driver, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479032; Issue ID: ALPS06479032. |
|
13 |
CVE-2022-20016 |
667 |
|
Mem. Corr. |
2022-01-04 |
2022-01-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862986; Issue ID: ALPS05862986. |
|
14 |
CVE-2022-3996 |
667 |
|
DoS Bypass |
2022-12-13 |
2022-12-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling either `X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions. |
|
15 |
CVE-2022-0897 |
667 |
|
|
2022-03-25 |
2022-10-27 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). |
|
16 |
CVE-2021-43429 |
667 |
|
DoS |
2022-04-07 |
2022-04-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failture to release locks pool->lock. |
|
17 |
CVE-2021-41141 |
667 |
|
DoS |
2022-01-04 |
2022-11-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch. |
|
18 |
CVE-2021-39647 |
667 |
|
|
2021-12-15 |
2021-12-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198713939References: N/A |
|
19 |
CVE-2021-38203 |
667 |
|
DoS |
2021-08-08 |
2022-05-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info. |
|
20 |
CVE-2021-31786 |
667 |
|
|
2021-09-07 |
2022-07-12 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host. |
|
21 |
CVE-2021-31785 |
667 |
|
DoS |
2021-09-07 |
2022-05-03 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication. |
|
22 |
CVE-2021-31611 |
667 |
|
|
2021-09-07 |
2022-05-03 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication. |
|
23 |
CVE-2021-28951 |
667 |
|
DoS |
2021-03-20 |
2022-05-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. |
|
24 |
CVE-2021-20315 |
667 |
|
Bypass |
2022-02-18 |
2022-12-03 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked. |
|
25 |
CVE-2021-20291 |
667 |
|
DoS |
2021-04-01 |
2021-06-02 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS). |
|
26 |
CVE-2021-4149 |
667 |
|
DoS |
2022-03-23 |
2022-07-01 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. |
|
27 |
CVE-2021-4147 |
667 |
|
DoS |
2022-03-25 |
2022-09-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. |
|
28 |
CVE-2021-3667 |
667 |
|
DoS |
2022-03-02 |
2022-10-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. |
|
29 |
CVE-2021-1622 |
667 |
|
DoS |
2021-09-23 |
2021-11-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due to a deadlock condition in the code when processing COPS packets under certain conditions. An attacker could exploit this vulnerability by sending COPS packets with high burst rates to an affected device. A successful exploit could allow the attacker to cause the CPU to consume excessive resources, which prevents other control plane processes from obtaining resources and results in a DoS. |
|
30 |
CVE-2021-1123 |
667 |
|
DoS |
2021-10-29 |
2022-05-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service. |
|
31 |
CVE-2021-0625 |
667 |
|
Mem. Corr. |
2021-10-25 |
2021-10-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996. |
|
32 |
CVE-2021-0529 |
667 |
|
Mem. Corr. |
2021-06-21 |
2021-06-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In memory management driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195268 |
|
33 |
CVE-2020-27035 |
667 |
|
Exec Code |
2020-12-15 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213 |
|
34 |
CVE-2020-15668 |
667 |
|
|
2020-10-01 |
2020-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox < 80 and Firefox for Android < 80. |
|
35 |
CVE-2020-13246 |
667 |
|
|
2020-05-20 |
2020-05-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another. |
|
36 |
CVE-2020-12771 |
667 |
|
|
2020-05-09 |
2022-04-26 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. |
|
37 |
CVE-2020-12658 |
667 |
|
|
2020-12-31 |
2021-02-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem." |
|
38 |
CVE-2020-10573 |
667 |
|
|
2020-03-14 |
2020-03-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge. |
|
39 |
CVE-2020-9959 |
667 |
|
|
2020-10-16 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. |
|
40 |
CVE-2020-9946 |
667 |
|
|
2020-10-16 |
2023-01-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period. |
|
41 |
CVE-2020-0420 |
667 |
|
Mem. Corr. |
2020-10-14 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162383705 |
|
42 |
CVE-2020-0357 |
667 |
|
|
2020-09-17 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150225569 |
|
43 |
CVE-2019-17343 |
667 |
|
DoS +Priv |
2019-10-08 |
2022-03-31 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. |
|
44 |
CVE-2019-15513 |
667 |
|
|
2019-08-23 |
2021-01-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang. |
|
45 |
CVE-2019-14763 |
667 |
|
|
2019-08-07 |
2022-04-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid. |
|
46 |
CVE-2019-13762 |
667 |
|
|
2019-12-10 |
2020-08-24 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. |
|
47 |
CVE-2019-11599 |
667 |
|
DoS +Info |
2019-04-29 |
2021-06-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. |
|
48 |
CVE-2019-10072 |
667 |
|
|
2019-06-21 |
2021-06-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. |
|
49 |
CVE-2019-6322 |
667 |
|
|
2019-05-29 |
2020-08-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default. |
|
50 |
CVE-2019-6321 |
667 |
|
|
2019-05-29 |
2020-08-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default. |
