Total
1495 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0764 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2020-07-01 | 6.2 Medium |
| Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. | ||||
| CVE-2020-9615 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 7.0 High |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Successful exploitation could lead to security feature bypass. | ||||
| CVE-2018-1121 | 1 Procps Project | 1 Procps | 2020-06-30 | N/A |
| procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also. | ||||
| CVE-2020-12652 | 1 Linux | 1 Linux Kernel | 2020-06-13 | 4.1 Medium |
| The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power." | ||||
| CVE-2015-5947 | 1 Salesagility | 1 Suitecrm | 2020-06-12 | 8.1 High |
| SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | ||||
| CVE-2020-2016 | 1 Paloaltonetworks | 1 Pan-os | 2020-06-10 | 7.0 High |
| A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. | ||||
| CVE-2011-0784 | 1 Google | 1 Chrome | 2020-06-05 | N/A |
| Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio. | ||||
| CVE-2011-1444 | 3 Debian, Google, Linux | 3 Debian Linux, Chrome, Linux Kernel | 2020-05-29 | N/A |
| Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2012-0953 | 1 Nvidia | 1 Display Driver | 2020-05-18 | 5.0 Medium |
| A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53. | ||||
| CVE-2019-15879 | 1 Freebsd | 1 Freebsd | 2020-05-18 | 7.4 High |
| In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory. | ||||
| CVE-2020-5835 | 1 Symantec | 1 Endpoint Protection Manager | 2020-05-14 | 7.0 High |
| Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. | ||||
| CVE-2020-11037 | 1 Torchbox | 1 Wagtail | 2020-05-08 | 4.7 Medium |
| In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is understood to be feasible on a local network, but not on the public internet. Privacy settings that restrict access to pages/documents on a per-user or per-group basis (as opposed to a shared password) are unaffected by this vulnerability. This has been patched in 2.7.3, 2.8.2, 2.9. | ||||
| CVE-2017-15357 | 1 Arqbackup | 1 Arq | 2020-05-04 | N/A |
| The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | ||||
| CVE-2017-6512 | 3 Canonical, Debian, File\ | 3 Ubuntu Linux, Debian Linux, \ | 2020-04-29 | 5.9 Medium |
| Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. | ||||
| CVE-2017-8342 | 1 Radicale | 1 Radicale | 2020-04-25 | N/A |
| Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. | ||||
| CVE-2020-0568 | 1 Intel | 1 Driver \& Support Assistant | 2020-04-23 | 4.7 Medium |
| Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2011-3080 | 1 Google | 1 Chrome | 2020-04-14 | N/A |
| Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors. | ||||
| CVE-2018-21085 | 1 Google | 1 Android | 2020-04-10 | 8.1 High |
| An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018). | ||||
| CVE-2018-21084 | 1 Google | 1 Android | 2020-04-10 | 8.1 High |
| An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018). | ||||
| CVE-2018-21040 | 2 Google, Samsung | 2 Android, Exynos 9810 | 2020-04-09 | 8.1 High |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID is SVE-2018-12959 (December 2018). | ||||