Total
1513 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-29369 | 2 Linux, Netapp | 5 Linux Kernel, Hci Compute Node, Hci Management Node and 2 more | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe. | |||||
CVE-2018-20313 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
CVE-2020-35886 | 1 Arr Project | 1 Arr | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race. | |||||
CVE-2020-9796 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
A race condition was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2020-35914 | 1 Lock Api Project | 1 Lock Api | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness. | |||||
CVE-2018-20311 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
CVE-2020-25604 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability. | |||||
CVE-2020-0268 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 6.4 MEDIUM |
In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643 | |||||
CVE-2020-35928 | 1 Concread Project | 1 Concread | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync. | |||||
CVE-2020-16021 | 1 Google | 2 Chrome, Chrome Os | 2024-02-28 | 5.1 MEDIUM | 7.5 HIGH |
Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file. | |||||
CVE-2018-20315 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
CVE-2021-20261 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | 4.4 MEDIUM | 6.4 MEDIUM |
A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw. | |||||
CVE-2020-9990 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2020-35874 | 1 Internment Project | 1 Internment | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free. | |||||
CVE-2020-25653 | 3 Debian, Fedoraproject, Spice-space | 3 Debian Linux, Fedora, Spice-vdagent | 2024-02-28 | 5.4 MEDIUM | 6.3 MEDIUM |
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior. | |||||
CVE-2020-16123 | 1 Canonical | 1 Ubuntu Linux | 2024-02-28 | 2.1 LOW | 4.7 MEDIUM |
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15. | |||||
CVE-2020-15670 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80. | |||||
CVE-2021-1061 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2024-02-28 | 3.3 LOW | 6.3 MEDIUM |
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
CVE-2020-0474 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169282240 | |||||
CVE-2020-8755 | 1 Intel | 2 Converged Security And Management Engine, Server Platform Services | 2024-02-28 | 4.4 MEDIUM | 6.4 MEDIUM |
Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. |