Total: 1495 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11037 | 1 Torchbox | 1 Wagtail | 2020-05-08 | 1.9 LOW | 4.7 MEDIUM |
| In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is understood to be feasible on a local network, but not on the public internet. Privacy settings that restrict access to pages/documents on a per-user or per-group basis (as opposed to a shared password) are unaffected by this vulnerability. This has been patched in 2.7.3, 2.8.2, 2.9. | |||||
| CVE-2017-15357 | 1 Arqbackup | 1 Arq | 2020-05-04 | 6.9 MEDIUM | 7.4 HIGH |
| The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | |||||
| CVE-2017-6512 | 3 Canonical, Debian, File\ | 3 Ubuntu Linux, Debian Linux, \ | 2020-04-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. | |||||
| CVE-2017-8342 | 1 Radicale | 1 Radicale | 2020-04-25 | 4.3 MEDIUM | 8.1 HIGH |
| Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. | |||||
| CVE-2020-0568 | 1 Intel | 1 Driver & Support Assistant | 2020-04-23 | 1.9 LOW | 4.7 MEDIUM |
| Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2011-3080 | 1 Google | 1 Chrome | 2020-04-14 | 7.6 HIGH | N/A |
| Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors. | |||||
| CVE-2018-21085 | 1 Google | 1 Android | 2020-04-10 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018). | |||||
| CVE-2018-21084 | 1 Google | 1 Android | 2020-04-10 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018). | |||||
| CVE-2018-21040 | 2 Google, Samsung | 2 Android, Exynos 9810 | 2020-04-09 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID is SVE-2018-12959 (December 2018). | |||||
| CVE-2018-21086 | 1 Google | 1 Android | 2020-04-09 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018). | |||||
| CVE-2017-18647 | 1 Google | 1 Android | 2020-04-09 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Samsung mobile devices with M(6.x) and N(7.0) software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsung IDs are SVE-2017-8973, SVE-2017-8974, and SVE-2017-8975 (November 2017). | |||||
| CVE-2017-18692 | 3 Google, Qualcomm, Samsung | 7 Android, Msm8939, Msm8996 and 4 more | 2020-04-08 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, or Exynos8895 chipsets) software. There is a race condition, with a resultant buffer overflow, in the sec_ts touchscreen sysfs interface. The Samsung ID is SVE-2016-7501 (January 2017). | |||||
| CVE-2016-11030 | 1 Google | 1 Android | 2020-04-07 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016). | |||||
| CVE-2015-7335 | 1 Lenovo | 1 System Update | 2020-03-30 | 6.9 MEDIUM | 7.0 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2020-10843 | 1 Google | 1 Android | 2020-03-26 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There are race conditions in the hdcp2 driver. The Samsung ID is SVE-2019-16296 (February 2020). | |||||
| CVE-2020-10575 | 1 Meetecho | 1 Janus | 2020-03-18 | 4.0 MEDIUM | 4.2 MEDIUM |
| An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times. | |||||
| CVE-2020-10577 | 1 Meetecho | 1 Janus | 2020-03-17 | 5.8 MEDIUM | 4.8 MEDIUM |
| An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions. | |||||
| CVE-2020-10576 | 1 Meetecho | 1 Janus | 2020-03-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash. | |||||
| CVE-2020-3831 | 1 Apple | 2 Ipados, Iphone Os | 2020-03-02 | 7.6 HIGH | 7.0 HIGH |
| A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9329 | 1 Gogs | 1 Gogs | 2020-02-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. | |||||
