Total
1495 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35928 | 1 Concread Project | 1 Concread | 2021-01-06 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync. | |||||
| CVE-2020-35911 | 1 Lock Api Project | 1 Lock Api | 2021-01-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness. | |||||
| CVE-2020-35912 | 1 Lock Api Project | 1 Lock Api | 2021-01-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness. | |||||
| CVE-2020-35913 | 1 Lock Api Project | 1 Lock Api | 2021-01-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness. | |||||
| CVE-2020-35914 | 1 Lock Api Project | 1 Lock Api | 2021-01-05 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness. | |||||
| CVE-2020-27837 | 1 Gnome | 1 Gnome Display Manager | 2020-12-30 | 4.4 MEDIUM | 6.4 MEDIUM |
| A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. | |||||
| CVE-2020-27067 | 1 Google | 1 Android | 2020-12-17 | 4.4 MEDIUM | 6.4 MEDIUM |
| In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173 | |||||
| CVE-2020-16123 | 1 Canonical | 1 Ubuntu Linux | 2020-12-10 | 2.1 LOW | 4.7 MEDIUM |
| An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15. | |||||
| CVE-2020-8755 | 1 Intel | 2 Converged Security And Management Engine, Server Platform Services | 2020-11-20 | 4.4 MEDIUM | 6.4 MEDIUM |
| Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2017-8244 | 1 Google | 1 Android | 2020-11-09 | 6.9 MEDIUM | 7.0 HIGH |
| In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). | |||||
| CVE-2009-0784 | 2 Debian, Systemtap | 2 Debian Linux, Systemtap | 2020-11-04 | 6.3 MEDIUM | N/A |
| Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors. | |||||
| CVE-2020-1660 | 1 Juniper | 1 Junos | 2020-10-28 | 6.8 MEDIUM | 9.9 CRITICAL |
| When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. | |||||
| CVE-2020-9796 | 1 Apple | 1 Mac Os X | 2020-10-27 | 6.9 MEDIUM | 7.0 HIGH |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-1667 | 1 Juniper | 1 Junos | 2020-10-27 | 4.0 MEDIUM | 8.3 HIGH |
| When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing "URL Filtering service", can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. | |||||
| CVE-2016-9381 | 2 Citrix, Qemu | 2 Xenserver, Qemu | 2020-10-23 | 6.9 MEDIUM | 7.5 HIGH |
| Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | |||||
| CVE-2019-11922 | 1 Facebook | 1 Zstandard | 2020-10-20 | 6.8 MEDIUM | 8.1 HIGH |
| A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. | |||||
| CVE-2020-24696 | 1 Powerdns | 1 Authoritative | 2020-10-08 | 5.1 MEDIUM | 8.1 HIGH |
| An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. | |||||
| CVE-2020-25775 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more | 2020-10-07 | 6.3 MEDIUM | 6.3 MEDIUM |
| The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. | |||||
| CVE-2015-8839 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2020-10-02 | 1.9 LOW | 5.1 MEDIUM |
| Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. | |||||
| CVE-2020-0268 | 1 Google | 1 Android | 2020-09-24 | 4.4 MEDIUM | 6.4 MEDIUM |
| In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643 | |||||