Total
1508 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12405 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2022-05-03 | 2.6 LOW | 5.3 MEDIUM |
| When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | |||||
| CVE-2020-12416 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2022-05-03 | 9.3 HIGH | 8.8 HIGH |
| A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. | |||||
| CVE-2020-14416 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2022-05-03 | 4.7 MEDIUM | 4.2 MEDIUM |
| In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c. | |||||
| CVE-2020-12420 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2022-05-03 | 9.3 HIGH | 8.8 HIGH |
| When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | |||||
| CVE-2020-25285 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2022-04-28 | 4.4 MEDIUM | 6.4 MEDIUM |
| A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | |||||
| CVE-2019-18932 | 2 Opensuse, Squid Analysis Report Generator Project | 3 Backports Sle, Leap, Squid Analysis Report Generator | 2022-04-26 | 4.4 MEDIUM | 7.0 HIGH |
| log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. | |||||
| CVE-2020-1021 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2022-04-26 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1082, CVE-2020-1088. | |||||
| CVE-2021-3348 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-04-26 | 4.4 MEDIUM | 7.0 HIGH |
| nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. | |||||
| CVE-2020-8342 | 1 Lenovo | 1 System Update | 2022-04-25 | 6.9 MEDIUM | 7.0 HIGH |
| A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. | |||||
| CVE-2020-10279 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks. | |||||
| CVE-2020-1629 | 1 Juniper | 1 Junos | 2022-04-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.2 version 17.2R2 and later versions; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D410, 18.2X75-D420, 18.2X75-D50, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S2, 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to version 16.1R1. | |||||
| CVE-2020-8704 | 2 Intel, Siemens | 25 Local Manageability Service, Simatic Field Pg M5, Simatic Field Pg M5 Firmware and 22 more | 2022-04-22 | 4.4 MEDIUM | 6.4 MEDIUM |
| Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8670 | 3 Intel, Netapp, Siemens | 567 Bios, Core I3-l13g4, Core I5-l16g7 and 564 more | 2022-04-22 | 4.4 MEDIUM | 6.4 MEDIUM |
| Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-25158 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2022-04-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2022-27481 | 1 Siemens | 8 Scalance W1788-1 M12, Scalance W1788-1 M12 Firmware, Scalance W1788-2 Eec M12 and 5 more | 2022-04-19 | 5.7 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle resources of ARP requests. This could allow an attacker to cause a race condition that leads to a crash of the entire device. | |||||
| CVE-2019-9458 | 2 Google, Opensuse | 2 Android, Leap | 2022-04-18 | 4.4 MEDIUM | 7.0 HIGH |
| In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-20080 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6735 and 31 more | 2022-04-18 | 6.9 MEDIUM | 6.4 MEDIUM |
| In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05881290; Issue ID: ALPS05881290. | |||||
| CVE-2022-20077 | 2 Google, Mediatek | 17 Android, Mt6781, Mt6785 and 14 more | 2022-04-18 | 6.9 MEDIUM | 6.4 MEDIUM |
| In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05852812. | |||||
| CVE-2019-17011 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2022-04-08 | 5.1 MEDIUM | 7.5 HIGH |
| Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | |||||
| CVE-2019-17010 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2022-04-08 | 5.1 MEDIUM | 7.5 HIGH |
| Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | |||||