Race Condition
Monthly
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
An issue was discovered in the Linux kernel before 5.11.7. Rated medium severity (CVSS 4.7).
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. Rated medium severity (CVSS 4.7). No vendor patch available.
A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. Rated medium severity (CVSS 6.4).
In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4).
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In vow, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In vpu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In vpu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O. Rated high severity (CVSS 7.0).
In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. Rated medium severity (CVSS 4.7).
In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which. Rated medium severity (CVSS 6.3). No vendor patch available.
An issue was discovered in the atom crate before 0.3.6 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.
An issue was discovered in the arr crate through 2020-08-25 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.
An issue was discovered in the rocket crate before 0.4.5 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
An issue was discovered in the internment crate through 2020-05-28 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An issue was discovered in the concread crate before 0.2.6 for Rust. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.
An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.
An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.
An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.
An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.
An issue was discovered in the futures-util crate before 0.3.7 for Rust. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.
A flaw was found in GDM in versions prior to 3.38.2.1. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.
In the l2tp subsystem, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4).
In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0).
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). Rated medium severity (CVSS 5.7).
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were. Rated medium severity (CVSS 4.7). Public exploit code available.
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. Rated low severity (CVSS 3.6). Public exploit code available.
An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. Rated medium severity (CVSS 4.7). Public exploit code available.
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. Rated high severity (CVSS 7.0). Public exploit code available.
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. Rated high severity (CVSS 7.0). Public exploit code available.
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. Rated high severity (CVSS 7.0). Public exploit code available.
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. Rated medium severity (CVSS 6.3). Public exploit code available.
A flaw was found in the SPICE file transfer protocol. Rated medium severity (CVSS 6.4). Public exploit code available.
Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.
An issue was discovered in SDDM before 0.19.0. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.
u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.0).
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 4.7).
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition. Rated high severity (CVSS 7.0).
A race condition was addressed with additional validation. Rated high severity (CVSS 7.8). No vendor patch available.
A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0). No vendor patch available.
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate. Rated medium severity (CVSS 6.3). No vendor patch available.
An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 4.7).
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.
In NFC, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In CamX code, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly. Rated medium severity (CVSS 6.4).
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.
Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.0).
Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not. Rated medium severity (CVSS 6.4). Public exploit code available.
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already. Rated medium severity (CVSS 6.4).
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4).
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. Rated high severity (CVSS 7.8).
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.
An issue was discovered in Valve Steam Client 2.10.91.91. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. Rated medium severity (CVSS 4.7).
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. Rated medium severity (CVSS 4.7).
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or. Rated medium severity (CVSS 6.3). No vendor patch available.
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service. Rated medium severity (CVSS 4.7). No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated high severity (CVSS 7.5). No vendor patch available.
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the. Rated medium severity (CVSS 6.3). No vendor patch available.
In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0).
In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 4.1).
In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.
In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4).
A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
An issue was discovered in the Linux kernel before 5.11.7. Rated medium severity (CVSS 4.7).
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. Rated medium severity (CVSS 4.7). No vendor patch available.
A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. Rated medium severity (CVSS 6.4).
In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4).
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In vow, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In vpu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In vpu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O. Rated high severity (CVSS 7.0).
In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. Rated medium severity (CVSS 4.7).
In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which. Rated medium severity (CVSS 6.3). No vendor patch available.
An issue was discovered in the atom crate before 0.3.6 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.
An issue was discovered in the arr crate through 2020-08-25 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.
An issue was discovered in the rocket crate before 0.4.5 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
An issue was discovered in the internment crate through 2020-05-28 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An issue was discovered in the concread crate before 0.2.6 for Rust. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.
An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.
An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.
An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.
An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.
An issue was discovered in the futures-util crate before 0.3.7 for Rust. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.
A flaw was found in GDM in versions prior to 3.38.2.1. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.
In the l2tp subsystem, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4).
In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0).
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). Rated medium severity (CVSS 5.7).
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were. Rated medium severity (CVSS 4.7). Public exploit code available.
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. Rated low severity (CVSS 3.6). Public exploit code available.
An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. Rated medium severity (CVSS 4.7). Public exploit code available.
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. Rated high severity (CVSS 7.0). Public exploit code available.
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. Rated high severity (CVSS 7.0). Public exploit code available.
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. Rated high severity (CVSS 7.0). Public exploit code available.
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. Rated medium severity (CVSS 6.3). Public exploit code available.
A flaw was found in the SPICE file transfer protocol. Rated medium severity (CVSS 6.4). Public exploit code available.
Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.
An issue was discovered in SDDM before 0.19.0. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.
u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.0).
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 4.7).
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition. Rated high severity (CVSS 7.0).
A race condition was addressed with additional validation. Rated high severity (CVSS 7.8). No vendor patch available.
A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0). No vendor patch available.
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate. Rated medium severity (CVSS 6.3). No vendor patch available.
An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 4.7).
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.
In NFC, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In CamX code, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly. Rated medium severity (CVSS 6.4).
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.
Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.0).
Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not. Rated medium severity (CVSS 6.4). Public exploit code available.
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already. Rated medium severity (CVSS 6.4).
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4).
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. Rated high severity (CVSS 7.8).
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.
An issue was discovered in Valve Steam Client 2.10.91.91. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. Rated medium severity (CVSS 4.7).
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. Rated medium severity (CVSS 4.7).
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or. Rated medium severity (CVSS 6.3). No vendor patch available.
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service. Rated medium severity (CVSS 4.7). No vendor patch available.
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated high severity (CVSS 7.5). No vendor patch available.
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the. Rated medium severity (CVSS 6.3). No vendor patch available.
In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0).
In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 4.1).
In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.
In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4).
A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.