CVE-2022-49737

HIGH Year: 2022
CVSS v3 Score
7.7
High
Weakness Type
CWE-413
View all →

Vulnerability Description

In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock.

Related Vulnerabilities

CVE-2022-20678

HIGH
CVSS:7.5(High)

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) conditio...

CWE-4132022

CVE-2023-28649

HIGH
CVSS:7.5(High)

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send devic...

CWE-4132023

CVE-2019-17102

HIGH
CVSS:8.1(High)

An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks at...

CWE-4132019

CVE-2019-17102

HIGH
CVSS:8.1(High)

An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks at...

CWE-4132019

CVE-2022-20678

HIGH
CVSS:7.5(High)

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) conditio...

CWE-4132022

CVE-2023-28649

HIGH
CVSS:7.5(High)

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send devic...

CWE-4132023