Total
1513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0508 | 1 Google | 1 Android | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
| In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176444154 | |||||
| CVE-2020-27921 | 1 Apple | 1 Mac Os X | 2024-02-28 | 9.3 HIGH | 7.0 HIGH |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-25394 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 6.4 MEDIUM |
| A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. | |||||
| CVE-2020-36447 | 1 V9 Project | 1 V9 | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the v9 crate through 2020-12-18 for Rust. There is an unconditional implementation of Sync for SyncRef<T>. | |||||
| CVE-2021-0520 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
| In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-176237595 | |||||
| CVE-2021-0247 | 1 Juniper | 20 Junos, Ptx1000, Ptx10001-36mr and 17 more | 2024-02-28 | 6.8 MEDIUM | 5.5 MEDIUM |
| A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device. This issue is detectable by reviewing the PFE firewall rules, as well as the firewall counters and seeing if they are incrementing or not. For example: show firewall Filter: __default_bpdu_filter__ Filter: FILTER-INET-01 Counters: Name Bytes Packets output-match-inet 0 0 <<<<<< missing firewall packet count This issue affects: Juniper Networks Junos OS 14.1X53 versions prior to 14.1X53-D53 on QFX Series; 14.1 versions 14.1R1 and later versions prior to 15.1 versions prior to 15.1R7-S6 on QFX Series, PTX Series; 15.1X53 versions prior to 15.1X53-D593 on QFX Series; 16.1 versions prior to 16.1R7-S7 on QFX Series, PTX Series; 16.2 versions prior to 16.2R2-S11, 16.2R3 on QFX Series, PTX Series; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on QFX Series, PTX Series; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3 on QFX Series, PTX Series; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on QFX Series, PTX Series; 17.4 versions prior to 17.4R2-S9, 17.4R3 on QFX Series, PTX Series; 18.1 versions prior to 18.1R3-S9 on QFX Series, PTX Series; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3 on QFX Series, PTX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on QFX Series, PTX Series; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R2-S7, 18.4R3 on QFX Series, PTX Series; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on QFX Series, PTX Series; 19.2 versions prior to 19.2R1-S3, 19.2R2 on QFX Series, PTX Series. | |||||
| CVE-2020-36454 | 1 Parc Project | 1 Parc | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the parc crate through 2020-11-14 for Rust. LockWeak<T> has an unconditional implementation of Send without trait bounds on T. | |||||
| CVE-2021-32810 | 2 Crossbeam Project, Fedoraproject | 2 Crossbeam, Fedora | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. | |||||
| CVE-2021-31615 | 1 Bluetooth | 1 Bluetooth Core Specification | 2024-02-28 | 2.9 LOW | 5.3 MEDIUM |
| Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link. | |||||
| CVE-2020-25584 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 6.2 MEDIUM | 7.5 HIGH |
| In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail. | |||||
| CVE-2021-20181 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 6.9 MEDIUM | 7.5 HIGH |
| A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. | |||||
| CVE-2020-25582 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 8.5 HIGH | 8.7 HIGH |
| In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. | |||||
| CVE-2021-28697 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. | |||||
| CVE-2020-11250 | 1 Qualcomm | 720 Apq8009w, Apq8009w Firmware, Apq8017 and 717 more | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
| Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-29986 | 2 Linux, Mozilla | 4 Linux Kernel, Firefox, Firefox Esr and 1 more | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-40490 | 4 Debian, Fedoraproject, Linux and 1 more | 29 Debian Linux, Fedora, Linux Kernel and 26 more | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
| A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. | |||||
| CVE-2020-36458 | 1 Lexer Project | 1 Lexer | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the lexer crate through 2020-11-10 for Rust. For ReaderResult<T, E>, there is an implementation of Sync with a trait bound of T: Send, E: Send. | |||||
| CVE-2021-22378 | 1 Huawei | 2 Ecns280 Td, Ecns280 Td Firmware | 2024-02-28 | 3.5 LOW | 5.3 MEDIUM |
| There is a race condition vulnerability in eCNS280_TD V100R005C00 and V100R005C10. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal. | |||||
| CVE-2021-29948 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | 1.9 LOW | 2.5 LOW |
| Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10. | |||||
| CVE-2020-29014 | 1 Fortinet | 1 Fortisandbox | 2024-02-28 | 6.3 MEDIUM | 5.3 MEDIUM |
| A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. | |||||