CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2014-9748
https://notcve.org/view.php?id=CVE-2014-9748
11 Feb 2020 — The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition. La implementación fallback de uv_rwlock_t para Windows XP y Server 2003 en libuv versiones anteriores a 1.7.4, no impide apropiadamente que los subprocesos (hilos) liberen los bloqueos de otros subprocesos... • https://github.com/libuv/libuv/issues/515 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2015-0278 – Mandriva Linux Security Advisory 2015-228
https://notcve.org/view.php?id=CVE-2015-0278
06 May 2015 — libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. libuv anterior a 0.10.34 no cancela correctamente los privilegios de grupo, lo que permite a atacantes dependientes de contexto ganar privilegios a través de vectores no especificados. It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. The libuv library is bundled with n... • http://advisories.mageia.org/MGASA-2015-0186.html • CWE-273: Improper Check for Dropped Privileges •