Total
2153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11152 | 1 Qualcomm | 160 Apq8009w, Apq8017, Apq8037 and 157 more | 2024-11-21 | 6.9 MEDIUM | 6.4 MEDIUM |
|
Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
|
|||||
| CVE-2020-11151 | 1 Qualcomm | 165 Pm3003a, Pm6125, Pm6150 and 162 more | 2024-11-21 | 6.9 MEDIUM | 6.4 MEDIUM |
|
Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
|
|||||
| CVE-2020-11037 | 1 Torchbox | 1 Wagtail | 2024-11-21 | 1.9 LOW | 6.1 MEDIUM |
|
In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is [understood to be feasible on a local network, ...
Show More |
|||||
| CVE-2020-10845 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 (February 2020).
|
|||||
| CVE-2020-10843 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There are race conditions in the hdcp2 driver. The Samsung ID is SVE-2019-16296 (February 2020).
|
|||||
| CVE-2020-10744 | 1 Redhat | 2 Ansible, Ansible Tower | 2024-11-21 | 3.7 LOW | 5.0 MEDIUM |
|
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.
|
|||||
| CVE-2020-10737 | 1 Redhat | 1 Oddjob | 2024-11-21 | 3.7 LOW | 6.3 MEDIUM |
|
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.
|
|||||
| CVE-2020-10684 | 3 Debian, Fedoraproject, Redhat | 5 Debian Linux, Fedora, Ansible and 2 more | 2024-11-21 | 3.6 LOW | 7.9 HIGH |
|
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
|
|||||
| CVE-2020-10577 | 1 Meetecho | 1 Janus | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
|
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions.
|
|||||
| CVE-2020-10576 | 1 Meetecho | 1 Janus | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash.
|
|||||
| CVE-2020-10575 | 1 Meetecho | 1 Janus | 2024-11-21 | 4.0 MEDIUM | 4.2 MEDIUM |
|
An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.
|
|||||
| CVE-2020-10279 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks.
|
|||||
| CVE-2020-10237 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php.
|
|||||
| CVE-2020-10174 | 3 Canonical, Fedoraproject, Timeshift Project | 3 Ubuntu Linux, Fedora, Timeshift | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privi ...
Show More |
|||||
| CVE-2020-0568 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-0554 | 2 Intel, Microsoft | 14 Ac 3165 Firmware, Ac 3168 Firmware, Ac 7265 Firmware and 11 more | 2024-11-21 | 3.7 LOW | 7.0 HIGH |
|
Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-0474 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
|
In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169282240
|
|||||
| CVE-2020-0428 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-123999783
|
|||||
| CVE-2020-0373 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
In SoundTriggerHwService, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146894086
|
|||||
| CVE-2020-0305 | 2 Google, Opensuse | 2 Android, Leap | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744
|
|||||
| CVE-2020-0268 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643
|
|||||
| CVE-2020-0218 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
|
In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005905
|
|||||
| CVE-2020-0199 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
|
In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142142406
|
|||||
| CVE-2020-0141 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. This could lead to remote information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544793
|
|||||
| CVE-2020-0126 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 6.4 MEDIUM |
|
In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930
|
|||||
| CVE-2020-0066 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 6.4 MEDIUM |
|
In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077
|
|||||
| CVE-2020-0045 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 6.4 MEDIUM |
|
In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141243101
|
|||||
| CVE-2020-0030 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145286050References: Upstream kernel
|
|||||
| CVE-2020-0008 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142558228
|
|||||
| CVE-2019-9821 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67.
|
|||||
| CVE-2019-9818 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 5.1 MEDIUM | 8.3 HIGH |
|
A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
|
|||||
| CVE-2019-9710 | 1 Webargs Project | 1 Webargs | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests.
|
|||||
| CVE-2019-9458 | 2 Google, Opensuse | 2 Android, Leap | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
|
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2019-9450 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2019-9375 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 6.4 MEDIUM |
|
In hostapd, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129344244
|
|||||
| CVE-2019-9271 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2019-8978 | 1 Ellucian | 2 Banner Enterprise Identity Services, Banner Web Tailor | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to steal a victim's session (and cause a denial of service) by repeatedly requesting the initial Banner Web Tailor main page with the IDMSESSID cookie set to the victim's UDCID, which in the case tested is the ...
Show More |
|||||
| CVE-2019-8757 | 1 Apple | 1 Mac Os X | 2024-11-21 | 1.9 LOW | 2.5 LOW |
|
A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics.
|
|||||
| CVE-2019-8606 | 1 Apple | 1 Mac Os X | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.5. A local user may be able to load unsigned kernel extensions.
|
|||||
| CVE-2019-8565 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | 7.6 HIGH | 7.0 HIGH |
|
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges.
|
|||||