Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17185 | 2 Freeradius, Opensuse | 2 Freeradius, Leap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. | |||||
| CVE-2019-16137 | 1 Spin-rs Project | 1 Spin-rs | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion. | |||||
| CVE-2018-4027 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or network inputs. An attacker can send a specially crafted packet to trigger this vulnerability. | |||||
| CVE-2018-25008 | 1 Rust-lang | 1 Rust | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions. | |||||
| CVE-2018-15555 | 1 Actiontec | 2 Web6000q, Web6000q Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers. | |||||