CVEs classified under CWE-662, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2018-15555 — CVSS 9.8 (critical): On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by…
CVE-2024-32644 — CVSS 9.1 (critical): Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to…
CVE-2026-53277 — CVSS 8.8 (high): In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection…
CVE-2022-23005 — CVSS 8.7 (high): Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist…
CVE-2016-8368 — CVSS 8.6 (high): An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5…
CVE-2022-2962 — CVSS 7.8 (high): A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the…
CVE-2020-36208 — CVSS 7.8 (high): An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to…
CVE-2019-5675 — CVSS 7.8 (high): NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys)…
CVE-2025-27104 — CVSS 7.5 (high): vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a…
CVE-2024-7409 — CVSS 7.5 (high): A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during…
CVE-2023-2801 — CVSS 7.5 (high): Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources…
CVE-2021-20592 — CVSS 7.5 (high): Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model…
CVE-2020-36215 — CVSS 7.5 (high): An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync…
CVE-2020-14098 — CVSS 7.5 (high): The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects…
CVE-2019-17185 — CVSS 7.5 (high): In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple…
CVE-2019-16137 — CVSS 7.5 (high): An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers…
CVE-2018-4027 — CVSS 7.5 (high): An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the…
CVE-2023-45084 — CVSS 7.0 (high): An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to…
CVE-2020-25668 — CVSS 7.0 (high): A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free…
CVE-2020-36211 — CVSS 7.0 (high): An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync…
CVE-2020-36207 — CVSS 7.0 (high): An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync…
CVE-2020-36206 — CVSS 7.0 (high): An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory…
CVE-2024-30387 — CVSS 6.5 (medium): A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an…
CVE-2022-25210 — CVSS 6.5 (medium): Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers…
CVE-2021-36305 — CVSS 6.5 (medium): Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user…
CVE-2020-3471 — CVSS 6.5 (medium): A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain…
CVE-2020-14059 — CVSS 6.5 (medium): An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing…
CVE-2019-17344 — CVSS 6.5 (medium): An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running…
CVE-2023-5088 — CVSS 6.4 (medium): A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead…
CVE-2023-20625 — CVSS 6.4 (medium): In adsp, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution…
CVE-2023-20611 — CVSS 6.4 (medium): In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution…
CVE-2023-20610 — CVSS 6.4 (medium): In display drm, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System…
CVE-2023-20607 — CVSS 6.4 (medium): In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System…
CVE-2022-32643 — CVSS 6.4 (medium): In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution…
CVE-2022-32642 — CVSS 6.4 (medium): In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System…
CVE-2022-32648 — CVSS 6.4 (medium): In disp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution…
CVE-2022-32644 — CVSS 6.4 (medium): In vow, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution…
CVE-2022-32610 — CVSS 6.4 (medium): In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution…
CVE-2022-32609 — CVSS 6.4 (medium): In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution…
CVE-2018-25008 — CVSS 5.9 (medium): In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be…
CVE-2020-36220 — CVSS 5.9 (medium): An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory…
CVE-2020-36217 — CVSS 5.9 (medium): An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync…
CVE-2020-36216 — CVSS 5.9 (medium): An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread…
CVE-2021-46939 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was…
CVE-2021-41213 — CVSS 5.5 (medium): TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock…
CVE-2020-12769 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to…
CVE-2021-30904 — CVSS 5.3 (medium): A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to…
CVE-2022-3565 — CVSS 4.6 (medium): A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the…
CVE-2019-15031 — CVSS 4.4 (medium): In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an…