Total
1264 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-21086 | 1 Google | 1 Android | 2020-04-09 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018). | |||||
CVE-2017-18647 | 1 Google | 1 Android | 2020-04-09 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered on Samsung mobile devices with M(6,x) and N(7.0) software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsung IDs are SVE-2017-8973, SVE-2017-8974, and SVE-2017-8975 (November 2017). | |||||
CVE-2017-18692 | 3 Google, Qualcomm, Samsung | 7 Android, Msm8939, Msm8996 and 4 more | 2020-04-08 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, or Exynos8895 chipsets) software. There is a race condition, with a resultant buffer overflow, in the sec_ts touchscreen sysfs interface. The Samsung ID is SVE-2016-7501 (January 2017). | |||||
CVE-2016-11030 | 1 Google | 1 Android | 2020-04-07 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016). | |||||
CVE-2015-7335 | 1 Lenovo | 1 System Update | 2020-03-30 | 6.9 MEDIUM | 7.0 HIGH |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. | |||||
CVE-2020-10843 | 1 Google | 1 Android | 2020-03-26 | 4.4 MEDIUM | 7.0 HIGH |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There are race conditions in the hdcp2 driver. The Samsung ID is SVE-2019-16296 (February 2020). | |||||
CVE-2020-10575 | 1 Meetecho | 1 Janus | 2020-03-18 | 4.0 MEDIUM | 4.2 MEDIUM |
An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times. | |||||
CVE-2020-10577 | 1 Meetecho | 1 Janus | 2020-03-17 | 5.8 MEDIUM | 4.8 MEDIUM |
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions. | |||||
CVE-2020-10576 | 1 Meetecho | 1 Janus | 2020-03-17 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash. | |||||
CVE-2020-3831 | 1 Apple | 2 Ipados, Iphone Os | 2020-03-02 | 7.6 HIGH | 7.0 HIGH |
A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2020-9329 | 1 Gogs | 1 Gogs | 2020-02-25 | 4.3 MEDIUM | 5.9 MEDIUM |
Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. | |||||
CVE-2011-0699 | 1 Linux | 1 Linux Kernel | 2020-02-25 | 6.9 MEDIUM | 7.0 HIGH |
Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value. | |||||
CVE-2020-3163 | 1 Cisco | 1 Unified Contact Center Enterprise | 2020-02-24 | 7.1 HIGH | 5.9 MEDIUM |
A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection. | |||||
CVE-2013-3685 | 2 Lg, Spritesoftware | 45 E971, E973, E975 and 42 more | 2020-02-19 | 6.9 MEDIUM | 7.0 HIGH |
A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges. | |||||
CVE-2018-9069 | 2 Hp, Lenovo | 133 310s-14isk, 310s-14isk Firmware, 320-15ikbra and 130 more | 2020-02-18 | 7.0 HIGH | 5.9 MEDIUM |
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS. | |||||
CVE-2020-3941 | 2 Microsoft, Vmware | 2 Windows, Tools | 2020-02-05 | 4.4 MEDIUM | 7.0 HIGH |
The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11. | |||||
CVE-2007-4774 | 1 Linux | 1 Linux Kernel | 2020-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process. | |||||
CVE-2014-2906 | 1 Fishshell | 1 Fish | 2020-02-03 | 4.4 MEDIUM | 7.0 HIGH |
The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name. | |||||
CVE-2014-3856 | 1 Fishshell | 1 Fish | 2020-02-03 | 4.4 MEDIUM | 7.0 HIGH |
The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name. | |||||
CVE-2019-19537 | 1 Linux | 1 Linux Kernel | 2020-01-17 | 4.7 MEDIUM | 4.2 MEDIUM |
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. |