Search
Total
1179 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0366 | 1 Google | 1 Android | 2021-03-02 | 6.9 MEDIUM | 6.4 MEDIUM |
| In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093. | |||||
| CVE-2021-0367 | 1 Google | 1 Android | 2021-03-02 | 6.9 MEDIUM | 6.4 MEDIUM |
| In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085. | |||||
| CVE-2021-0401 | 1 Google | 1 Android | 2021-03-02 | 6.9 MEDIUM | 6.4 MEDIUM |
| In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265. | |||||
| CVE-2016-10027 | 2 Fedoraproject, Igniterealtime | 2 Fedora, Smack | 2021-02-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response. | |||||
| CVE-2021-22974 | 1 F5 | 15 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 12 more | 2021-02-19 | 6.0 MEDIUM | 7.5 HIGH |
| On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2020-11152 | 1 Qualcomm | 160 Apq8009w, Apq8017, Apq8037 and 157 more | 2021-01-29 | 6.9 MEDIUM | 6.4 MEDIUM |
| Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-28049 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2021-01-28 | 3.3 LOW | 6.3 MEDIUM |
| An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. | |||||
| CVE-2020-6575 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-01-27 | 5.1 MEDIUM | 8.3 HIGH |
| Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-25533 | 1 Malwarebytes | 1 Malwarebytes | 2021-01-26 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn. | |||||
| CVE-2020-17534 | 1 Apache | 1 Html\/java Api | 2021-01-20 | 4.4 MEDIUM | 7.0 HIGH |
| There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows theirs: To avoid local privilege escalation version 1.7.1 creates the temporary directory atomically without dealing with the temporary file: https://github.com/apache/netbeans-html4j/commit/fa70e507e5555e1adb4f6518479fc408a7abd0e6 | |||||
| CVE-2021-0320 | 1 Google | 1 Android | 2021-01-13 | 1.9 LOW | 4.7 MEDIUM |
| In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Android ID: A-169933423. | |||||
| CVE-2021-0303 | 1 Google | 1 Android | 2021-01-13 | 6.9 MEDIUM | 7.0 HIGH |
| In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170407229. | |||||
| CVE-2020-16021 | 1 Google | 2 Chrome, Chrome Os | 2021-01-12 | 5.1 MEDIUM | 7.5 HIGH |
| Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file. | |||||
| CVE-2021-1061 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2021-01-11 | 3.3 LOW | 6.3 MEDIUM |
| NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2018-20309 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20310 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20311 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20312 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. | |||||
| CVE-2018-20313 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20314 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20315 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20316 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. | |||||
| CVE-2020-35897 | 1 Atom Project | 1 Atom | 2021-01-07 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race. | |||||
| CVE-2020-35882 | 1 Rocket | 1 Rocket | 2021-01-07 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race. | |||||
| CVE-2020-35886 | 1 Arr Project | 1 Arr | 2021-01-07 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race. | |||||
| CVE-2020-35905 | 1 Rust-lang | 1 Future-utils | 2021-01-06 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code). | |||||
| CVE-2020-35928 | 1 Concread Project | 1 Concread | 2021-01-06 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync. | |||||
| CVE-2020-35911 | 1 Lock Api Project | 1 Lock Api | 2021-01-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness. | |||||
| CVE-2020-35912 | 1 Lock Api Project | 1 Lock Api | 2021-01-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness. | |||||
| CVE-2020-35913 | 1 Lock Api Project | 1 Lock Api | 2021-01-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness. | |||||
| CVE-2020-35914 | 1 Lock Api Project | 1 Lock Api | 2021-01-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness. | |||||
| CVE-2020-11884 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2021-01-04 | 6.9 MEDIUM | 7.0 HIGH |
| In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. | |||||
| CVE-2020-27837 | 1 Gnome | 1 Gnome Display Manager | 2020-12-30 | 4.4 MEDIUM | 6.4 MEDIUM |
| A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. | |||||
| CVE-2020-29370 | 1 Linux | 1 Linux Kernel | 2020-12-18 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. | |||||
| CVE-2020-27067 | 1 Google | 1 Android | 2020-12-17 | 4.4 MEDIUM | 6.4 MEDIUM |
| In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173 | |||||
| CVE-2020-16123 | 1 Canonical | 1 Ubuntu Linux | 2020-12-10 | 2.1 LOW | 4.7 MEDIUM |
| An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15. | |||||
| CVE-2019-3837 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2020-12-04 | 4.9 MEDIUM | 6.1 MEDIUM |
| It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption. | |||||
| CVE-2020-16602 | 1 Razer | 1 Chroma Sdk | 2020-11-28 | 6.8 MEDIUM | 8.1 HIGH |
| Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step. | |||||
| CVE-2020-8755 | 1 Intel | 2 Converged Security And Management Engine, Server Platform Services | 2020-11-20 | 4.4 MEDIUM | 6.4 MEDIUM |
| Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2013-4288 | 4 Canonical, Opensuse, Polkit Project and 1 more | 4 Ubuntu Linux, Opensuse, Polkit and 1 more | 2020-11-16 | 7.2 HIGH | N/A |
| Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. | |||||
| CVE-2020-25604 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2020-11-11 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability. | |||||
| CVE-2017-8244 | 1 Google | 1 Android | 2020-11-09 | 6.9 MEDIUM | 7.0 HIGH |
| In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). | |||||
| CVE-2009-0784 | 2 Debian, Systemtap | 2 Debian Linux, Systemtap | 2020-11-04 | 6.3 MEDIUM | N/A |
| Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors. | |||||
| CVE-2020-15309 | 1 Wolfssl | 1 Wolfssl | 2020-10-28 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). | |||||
| CVE-2020-9796 | 1 Apple | 1 Mac Os X | 2020-10-27 | 6.9 MEDIUM | 7.0 HIGH |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-1667 | 1 Juniper | 1 Junos | 2020-10-27 | 4.0 MEDIUM | 8.3 HIGH |
| When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing "URL Filtering service", can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. | |||||
| CVE-2016-9381 | 2 Citrix, Qemu | 2 Xenserver, Qemu | 2020-10-23 | 6.9 MEDIUM | 7.5 HIGH |
| Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | |||||
| CVE-2019-11922 | 1 Facebook | 1 Zstandard | 2020-10-20 | 6.8 MEDIUM | 8.1 HIGH |
| A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. | |||||
| CVE-2018-17972 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2020-10-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. | |||||
| CVE-2020-24696 | 1 Powerdns | 1 Authoritative | 2020-10-08 | 5.1 MEDIUM | 8.1 HIGH |
| An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. | |||||