Skip to main content

Race Condition

1817 CVEs technique

Monthly

CVE-2021-25158 MEDIUM POC PATCH THREAT This Month

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Race Condition Aruba Instant Scalance W1750D Firmware
NVD Exploit-DB
CVSS 3.1
5.9
EPSS
30.6%
CVE-2021-29265 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.11.7. Rated medium severity (CVSS 4.7).

Linux Denial Of Service Race Condition Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-28964 MEDIUM This Month

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Denial Of Service Race Condition Linux Kernel Fedora +5
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-20261 MEDIUM PATCH This Month

A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. Rated medium severity (CVSS 6.4).

Information Disclosure Race Condition Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2021-0387 MEDIUM PATCH This Month

In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4).

Google Privilege Escalation Race Condition Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-21166 HIGH KEV THREAT This Week

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Race Condition Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
26.5%
CVE-2021-21165 HIGH POC This Week

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Race Condition Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-0401 MEDIUM This Month

In vow, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Buffer Overflow Privilege Escalation Race Condition Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-0367 MEDIUM This Month

In vpu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Buffer Overflow Privilege Escalation Race Condition Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-0366 MEDIUM This Month

In vpu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Buffer Overflow Privilege Escalation Race Condition Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-22974 HIGH This Week

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Race Condition Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall +12
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-3348 HIGH PATCH This Week

nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O. Rated high severity (CVSS 7.0).

Linux Information Disclosure Race Condition Linux Kernel Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2021-0320 MEDIUM PATCH This Month

In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. Rated medium severity (CVSS 4.7).

Google Information Disclosure Race Condition Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2021-0303 HIGH This Week

In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Denial Of Service Privilege Escalation Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2021-1061 MEDIUM This Month

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which. Rated medium severity (CVSS 6.3). No vendor patch available.

Denial Of Service Information Disclosure Nvidia Race Condition Virtual Gpu Manager
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2020-35897 Cargo MEDIUM PATCH This Month

An issue was discovered in the atom crate before 0.3.6 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Atom
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35886 Cargo MEDIUM This Month

An issue was discovered in the arr crate through 2020-08-25 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Arr
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35882 Cargo HIGH POC PATCH This Week

An issue was discovered in the rocket crate before 0.4.5 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Rocket
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-35874 Cargo HIGH POC PATCH This Week

An issue was discovered in the internment crate through 2020-05-28 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Internment
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-35871 Cargo HIGH PATCH This Week

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-35928 Cargo MEDIUM POC PATCH This Month

An issue was discovered in the concread crate before 0.2.6 for Rust. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Concread
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35914 Cargo MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Lock Api
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35913 Cargo MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Lock Api
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35912 Cargo MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Lock Api
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35911 Cargo MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Lock Api
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-35905 Cargo MEDIUM POC PATCH This Month

An issue was discovered in the futures-util crate before 0.3.7 for Rust. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Future Utils
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-27837 MEDIUM PATCH This Month

A flaw was found in GDM in versions prior to 3.38.2.1. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Race Condition Authentication Bypass Gnome Display Manager
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-27067 MEDIUM PATCH This Month

In the l2tp subsystem, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4).

Google Race Condition Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-0474 HIGH PATCH This Week

In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2020-27825 MEDIUM PATCH This Month

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). Rated medium severity (CVSS 5.7).

Race Condition Denial Of Service Linux Linux Kernel Enterprise Linux +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2020-16123 MEDIUM POC PATCH This Month

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Ubuntu Information Disclosure Ubuntu Linux
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-29374 LOW POC PATCH Monitor

An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. Rated low severity (CVSS 3.6). Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Debian Linux +6
NVD
CVSS 3.1
3.6
EPSS
0.4%
CVE-2020-29372 MEDIUM POC PATCH This Month

An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Race Condition Linux Linux Kernel Ubuntu Linux
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2020-29370 HIGH POC PATCH This Week

An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Cloud Backup +5
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2020-29369 HIGH POC PATCH This Week

An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Hci Management Node +3
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2020-29368 HIGH POC PATCH This Week

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Cloud Backup +5
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2020-27746 LOW PATCH Monitor

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Slurm Debian Linux
NVD
CVSS 3.1
3.7
EPSS
0.8%
CVE-2020-25653 MEDIUM POC PATCH This Month

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. Rated medium severity (CVSS 6.3). Public exploit code available.

Race Condition Denial Of Service Spice Vdagent Debian Linux Fedora
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-25651 MEDIUM POC PATCH This Month

A flaw was found in the SPICE file transfer protocol. Rated medium severity (CVSS 6.4). Public exploit code available.

Race Condition Denial Of Service Spice Vdagent Debian Linux Fedora
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2020-8755 MEDIUM This Month

Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Privilege Escalation Intel Converged Security And Management Engine Server Platform Services
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2020-28049 MEDIUM POC This Month

An issue was discovered in SDDM before 0.19.0. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Sddm Leap Debian Linux +1
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2020-11173 HIGH PATCH This Week

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure Agatti Firmware Apq8053 Firmware +31
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2020-27675 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel Fedora +1
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-27672 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen Fedora Leap +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-9990 HIGH This Week

A race condition was addressed with additional validation. Rated high severity (CVSS 7.8). No vendor patch available.

Race Condition RCE Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-9796 HIGH This Week

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition RCE Apple Mac Os X
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-1667 HIGH This Week

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper Junos
NVD
CVSS 3.1
8.3
EPSS
0.7%
CVE-2020-1660 CRITICAL Act Now

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper Junos
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2020-24696 HIGH This Week

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Authoritative
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-15670 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox for Android 79. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Race Condition RCE Google +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-25775 MEDIUM This Month

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Trend Micro Information Disclosure Antivirus 2020 Internet Security 2020 +2
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-25604 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Xen Fedora Debian Linux +1
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-6575 HIGH PATCH This Week

Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Google Race Condition Information Disclosure Chrome Backports Sle +3
NVD
CVSS 3.1
8.3
EPSS
1.4%
CVE-2020-0268 MEDIUM This Month

In NFC, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-0428 MEDIUM This Month

In CamX code, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-25285 MEDIUM PATCH This Month

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly. Rated medium severity (CVSS 6.4).

Race Condition Denial Of Service Linux Linux Kernel Debian Linux +1
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2020-24655 MEDIUM This Month

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Google Race Condition Authentication Bypass Authy 2 Factor Authentication
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2020-16602 HIGH POC This Week

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Chroma Sdk
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
6.0%
CVE-2020-15309 HIGH POC This Week

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-8680 HIGH PATCH This Week

Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.0).

Race Condition Privilege Escalation Intel Graphics Drivers
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-0554 HIGH PATCH This Week

Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Privilege Escalation Intel Microsoft Ac 3165 Firmware +10
NVD
CVSS 3.1
7.0
EPSS
0.9%
CVE-2020-15707 MEDIUM POC PATCH This Month

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not. Rated medium severity (CVSS 6.4). Public exploit code available.

Ubuntu Buffer Overflow Race Condition Debian RCE +16
NVD
CVSS 3.1
6.4
EPSS
1.6%
CVE-2020-15706 MEDIUM PATCH This Month

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already. Rated medium severity (CVSS 6.4).

Race Condition RCE Grub2 Enterprise Linux Atomic Host Openshift Container Platform +11
NVD
CVSS 3.1
6.4
EPSS
1.0%
CVE-2020-0305 MEDIUM PATCH This Month

In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4).

Google Race Condition Privilege Escalation Android Leap
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-1645 HIGH This Week

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper Junos
NVD
CVSS 3.1
8.3
EPSS
0.6%
CVE-2020-1641 MEDIUM This Month

A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-15586 Go MEDIUM PATCH This Month

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Go Cf Deployment Routing Release +3
NVD
CVSS 3.1
5.9
EPSS
2.9%
CVE-2020-12420 HIGH POC This Week

When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Race Condition Mozilla Firefox Firefox Esr +3
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-12416 HIGH POC This Week

A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Race Condition Mozilla Firefox Leap
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-12405 MEDIUM POC This Month

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Mozilla Firefox Firefox Esr +2
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-7457 HIGH POC PATCH THREAT Act Now

In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition RCE Freebsd
NVD
CVSS 3.1
8.1
EPSS
33.0%
CVE-2020-15567 HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. Rated high severity (CVSS 7.8).

Denial Of Service Race Condition Privilege Escalation Intel Amd +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-1839 MEDIUM This Month

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition RCE Huawei Mate 30 Firmware
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2020-15530 HIGH POC This Week

An issue was discovered in Valve Steam Client 2.10.91.91. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Steam Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-4387 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. Rated medium severity (CVSS 4.7).

Race Condition IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-4386 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. Rated medium severity (CVSS 4.7).

Race Condition IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-5969 MEDIUM This Month

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Denial Of Service Nvidia Information Disclosure Virtual Gpu Manager
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2020-15396 HIGH POC PATCH This Week

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Race Condition Privilege Escalation Hylafax Hylafax Enterprise Fedora +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-9615 HIGH This Week

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Adobe Race Condition Authentication Bypass Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.0
EPSS
1.4%
CVE-2020-5967 MEDIUM This Month

NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Nvidia Quadro Firmware Tesla Firmware +3
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-3966 HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Race Condition VMware Cloud Foundation Fusion +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-14416 MEDIUM PATCH This Month

In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Race Condition Linux Information Disclosure Linux Kernel Leap
NVD
CVSS 3.1
4.2
EPSS
0.3%
CVE-2020-3350 MEDIUM This Month

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Cisco Information Disclosure Advanced Malware Protection For Endpoints Clam Antivirus +3
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-0218 HIGH PATCH This Week

In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-0199 MEDIUM PATCH This Month

In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 4.1).

Google Race Condition Information Disclosure Android
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2020-0141 MEDIUM PATCH This Month

In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Google Race Condition Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2020-0126 MEDIUM PATCH This Month

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4).

Google Race Condition RCE Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-9839 HIGH POC Act Now

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Apple Ipados Iphone Os +3
NVD GitHub
CVSS 3.1
7.0
EPSS
3.7%
CVE-2020-11492 HIGH This Week

An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Microsoft Docker Information Disclosure Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-3353 MEDIUM This Month

A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service Identity Services Engine
NVD
CVSS 3.1
5.9
EPSS
0.8%
EPSS 31% CVSS 5.9
MEDIUM POC PATCH THREAT This Month

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Race Condition Aruba +2
NVD Exploit-DB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.11.7. Rated medium severity (CVSS 4.7).

Linux Denial Of Service Race Condition +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Denial Of Service Race Condition +7
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. Rated medium severity (CVSS 6.4).

Information Disclosure Race Condition Linux Kernel +1
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4).

Google Privilege Escalation Race Condition +1
NVD
EPSS 27% CVSS 8.8
HIGH KEV THREAT This Week

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Race Condition +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Race Condition +3
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In vow, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In vpu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In vpu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Race Condition Big Ip Access Policy Manager +14
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O. Rated high severity (CVSS 7.0).

Linux Information Disclosure Race Condition +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. Rated medium severity (CVSS 4.7).

Google Information Disclosure Race Condition +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Denial Of Service Privilege Escalation +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which. Rated medium severity (CVSS 6.3). No vendor patch available.

Denial Of Service Information Disclosure Nvidia +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in the atom crate before 0.3.6 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Atom
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

An issue was discovered in the arr crate through 2020-08-25 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Arr
NVD
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

An issue was discovered in the rocket crate before 0.4.5 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Rocket
NVD
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

An issue was discovered in the internment crate through 2020-05-28 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Internment
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Rusqlite
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

An issue was discovered in the concread crate before 0.2.6 for Rust. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Concread
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Lock Api
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Lock Api
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Lock Api
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in the lock_api crate before 0.4.2 for Rust. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Lock Api
NVD
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

An issue was discovered in the futures-util crate before 0.3.7 for Rust. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Future Utils
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

A flaw was found in GDM in versions prior to 3.38.2.1. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Race Condition Authentication Bypass Gnome Display Manager
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

In the l2tp subsystem, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4).

Google Race Condition Denial Of Service +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Privilege Escalation +1
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). Rated medium severity (CVSS 5.7).

Race Condition Denial Of Service Linux +7
NVD
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Ubuntu Information Disclosure +1
NVD
EPSS 0% CVSS 3.6
LOW POC PATCH Monitor

An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. Rated low severity (CVSS 3.6). Public exploit code available.

Race Condition Linux Information Disclosure +8
NVD
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Race Condition Linux +2
NVD VulDB
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure +7
NVD
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure +7
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Slurm +1
NVD
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. Rated medium severity (CVSS 6.3). Public exploit code available.

Race Condition Denial Of Service Spice Vdagent +2
NVD
EPSS 0% CVSS 6.4
MEDIUM POC PATCH This Month

A flaw was found in the SPICE file transfer protocol. Rated medium severity (CVSS 6.4). Public exploit code available.

Race Condition Denial Of Service Spice Vdagent +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Privilege Escalation Intel +2
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

An issue was discovered in SDDM before 0.19.0. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Sddm +3
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure +33
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux +3
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A race condition was addressed with additional validation. Rated high severity (CVSS 7.8). No vendor patch available.

Race Condition RCE Apple +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition RCE Apple +1
NVD
EPSS 1% CVSS 8.3
HIGH This Week

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper +1
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Authoritative
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox for Android 79. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Race Condition +5
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Trend Micro Information Disclosure +4
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Xen +3
NVD
EPSS 1% CVSS 8.3
HIGH PATCH This Week

Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Google Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In NFC, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In CamX code, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Denial Of Service +2
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly. Rated medium severity (CVSS 6.4).

Race Condition Denial Of Service Linux +3
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Google Race Condition Authentication Bypass +1
NVD
EPSS 6% CVSS 8.1
HIGH POC This Week

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Chroma Sdk
NVD Exploit-DB
EPSS 0% CVSS 7.0
HIGH POC This Week

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Wolfssl
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.0).

Race Condition Privilege Escalation Intel +1
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Privilege Escalation Intel +12
NVD
EPSS 2% CVSS 6.4
MEDIUM POC PATCH This Month

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not. Rated medium severity (CVSS 6.4). Public exploit code available.

Ubuntu Buffer Overflow Race Condition +18
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already. Rated medium severity (CVSS 6.4).

Race Condition RCE Grub2 +13
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4).

Google Race Condition Privilege Escalation +2
NVD
EPSS 1% CVSS 8.3
HIGH This Week

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper +1
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Go +5
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Race Condition Mozilla +5
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Race Condition Mozilla +2
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Mozilla +4
NVD
EPSS 33% CVSS 8.1
HIGH POC PATCH THREAT Act Now

In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition RCE Freebsd
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. Rated high severity (CVSS 7.8).

Denial Of Service Race Condition Privilege Escalation +6
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition RCE Huawei +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An issue was discovered in Valve Steam Client 2.10.91.91. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Steam Client
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. Rated medium severity (CVSS 4.7).

Race Condition IBM Microsoft +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. Rated medium severity (CVSS 4.7).

Race Condition IBM Microsoft +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Denial Of Service Nvidia +2
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Race Condition Privilege Escalation Hylafax +4
NVD
EPSS 1% CVSS 7.0
HIGH This Week

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Adobe Race Condition Authentication Bypass +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Nvidia +5
NVD
EPSS 0% CVSS 7.5
HIGH This Week

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Race Condition VMware +4
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Race Condition Linux Information Disclosure +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Cisco Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Privilege Escalation +2
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 4.1).

Google Race Condition Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Google Race Condition Information Disclosure +1
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4).

Google Race Condition RCE +2
NVD
EPSS 4% CVSS 7.0
HIGH POC Act Now

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Apple +5
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Microsoft Docker +2
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service +1
NVD
Prev Page 15 of 21 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy