Skip to main content

Race Condition

1817 CVEs technique

Monthly

CVE-2020-13759 Cargo HIGH PATCH This Week

rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Vm Memory
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-13173 HIGH This Week

Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Microsoft Information Disclosure Pcoip Graphics Agent Pcoip Standard Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-10737 MEDIUM PATCH This Month

A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into. Rated medium severity (CVSS 6.3).

Race Condition Information Disclosure Oddjob
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-12387 HIGH This Week

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-1021 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Race Condition Microsoft Information Disclosure Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-5835 HIGH This Week

Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-9475 HIGH POC This Week

The S. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Privilege Escalation Sg 150 0 Firmware
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-12652 MEDIUM PATCH This Month

The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition,. Rated medium severity (CVSS 4.1).

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
4.1
EPSS
0.3%
CVE-2020-12114 MEDIUM PATCH This Month

A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2020-12050 HIGH This Week

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Backports Sle Fedora Sqliteodbc
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-11884 HIGH PATCH This Week

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails. Rated high severity (CVSS 7.0).

Race Condition RCE Linux Linux Kernel Ubuntu Linux +21
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2020-11810 LOW POC PATCH Monitor

An issue was discovered in OpenVPN 2.4.x before 2.4.9. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Code Injection Openvpn Debian Linux Fedora
NVD GitHub
CVSS 3.1
3.7
EPSS
1.6%
CVE-2020-6820 HIGH KEV THREAT This Week

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 3.1
8.1
EPSS
6.3%
CVE-2020-6819 HIGH POC KEV THREAT This Week

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 3.1
8.1
EPSS
3.0%
CVE-2020-0568 MEDIUM PATCH This Month

Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Intel Driver Support Assistant
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2020-11739 HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. Rated high severity (CVSS 7.8).

Race Condition Denial Of Service Privilege Escalation Xen Fedora +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3894 LOW Monitor

A race condition was addressed with additional validation. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Microsoft Apple Icloud +5
NVD
CVSS 3.1
3.1
EPSS
1.1%
CVE-2020-10845 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Samsung Information Disclosure Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-10843 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Samsung Information Disclosure Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2020-10577 MEDIUM PATCH This Month

An issue was discovered in Janus through 0.9.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Janus
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-10576 MEDIUM PATCH This Month

An issue was discovered in Janus through 0.9.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Janus
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-10575 MEDIUM PATCH This Month

An issue was discovered in Janus through 0.9.1. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Janus
NVD GitHub
CVSS 3.1
4.2
EPSS
0.5%
CVE-2020-0066 MEDIUM This Month

In the netlink driver, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-0045 MEDIUM This Month

In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-10237 PHP MEDIUM This Month

An issue was discovered in Froxlor through 0.10.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition PHP Froxlor
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-3831 HIGH This Week

A race condition was addressed with improved locking. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Ipados Iphone Os
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2020-9329 MEDIUM POC This Month

Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Gogs
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-3163 MEDIUM This Month

A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service Unified Contact Center Enterprise
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-0030 HIGH PATCH This Week

In binder_thread_release of binder.c, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-6388 HIGH This Week

Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Information Disclosure Chrome
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-3941 HIGH This Week

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Microsoft VMware Tools
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2019-11090 MEDIUM This Month

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Intel Information Disclosure Platform Trust Technology Firmware Server Platform Services Firmware +1
NVD
CVSS 3.1
5.9
EPSS
2.3%
CVE-2019-8757 LOW Monitor

A race condition existed when reading and writing user preferences. Rated low severity (CVSS 2.5). No vendor patch available.

Race Condition Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
2.5
EPSS
0.2%
CVE-2019-8606 HIGH This Week

A validation issue existed in the handling of symlinks. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2019-8565 HIGH POC THREAT Act Now

A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure Iphone Os Mac Os X
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
13.5%
CVE-2019-6236 HIGH This Week

A race condition existed during the installation of iCloud for Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Microsoft RCE Icloud
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-6232 HIGH This Week

A race condition existed during the installation of iTunes for Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Microsoft RCE Icloud
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-19580 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Race Condition Privilege Escalation Xen Fedora
NVD
CVSS 3.1
6.6
EPSS
1.2%
CVE-2019-2219 MEDIUM This Month

In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Java Privilege Escalation Google Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2019-19537 MEDIUM PATCH This Month

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required.

Race Condition Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
4.2
EPSS
0.3%
CVE-2019-19017 HIGH POC This Week

An issue was discovered in TitanHQ WebTitan before 5.18. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Webtitan
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-2213 HIGH This Week

In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Privilege Escalation Google Android
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2019-5228 HIGH This Week

Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition RCE P30 Firmware P30 Pro Firmware Honor V20 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-1416 HIGH PATCH This Week

An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.0).

Race Condition Microsoft Information Disclosure Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2019-10529 HIGH POC PATCH This Week

Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware +39
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
1.7%
CVE-2019-8232 PHP MEDIUM PATCH This Month

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Adobe Magento
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2019-18684 HIGH POC This Week

Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Privilege Escalation Sudo
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2019-18683 HIGH POC PATCH This Week

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Privilege Escalation Linux Kernel Ubuntu Linux +16
NVD
CVSS 3.1
7.0
EPSS
1.0%
CVE-2019-18421 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Race Condition Privilege Escalation Xen Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-8162 HIGH PATCH This Week

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a race. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition RCE Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2019-14810 MEDIUM This Month

A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Extensible Operating System
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2019-6471 MEDIUM This Month

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager +14
NVD
CVSS 3.1
5.9
EPSS
3.3%
CVE-2019-17342 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2019-17341 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a. Rated high severity (CVSS 7.8).

Race Condition Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-2284 HIGH PATCH This Week

Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure Msm8909W Firmware Qcs405 Firmware +19
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2019-9375 MEDIUM This Month

In hostapd, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2019-2189 MEDIUM This Month

In the Easel driver, there is possible memory corruption due to race conditions. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2019-2188 MEDIUM This Month

In the Easel driver, there is possible memory corruption due to race conditions. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2019-11736 HIGH This Week

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Mozilla Privilege Escalation Firefox +1
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2019-11184 MEDIUM This Month

A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access. Rated medium severity (CVSS 4.8). No vendor patch available.

Race Condition Intel Information Disclosure 6138 Firmware 6130T Firmware +240
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-16354 Go MEDIUM PATCH This Month

The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Beego
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2019-11546 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2019-9458 HIGH PATCH This Week

In the Android kernel in the video driver there is a use after free due to a race condition. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Privilege Escalation Google Android +1
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2019-9450 MEDIUM PATCH This Month

In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4).

Race Condition Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2019-9271 MEDIUM This Month

In the Android kernel in the mnh driver there is a race condition due to insufficient locking. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Google Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2019-5612 HIGH This Week

In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Freebsd Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-14694 MEDIUM POC PATCH This Month

A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2019-2121 HIGH This Week

In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Google Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2019-12263 HIGH This Week

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware +9
NVD
CVSS 3.1
8.1
EPSS
3.2%
CVE-2019-7614 Maven MEDIUM PATCH This Month

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-11922 HIGH PATCH This Week

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Zstandard
NVD GitHub
CVSS 3.0
8.1
EPSS
1.4%
CVE-2019-2345 HIGH PATCH This Week

Race condition while accessing DMA buffer in jpeg driver in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure Msm8909W Firmware Msm8996au Firmware +20
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2019-2314 HIGH PATCH This Week

Possible race condition that will cause a use-after-free when writing to two sysfs entries at nearly the same time in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure Msm8909W Firmware Qcs405 Firmware +22
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2019-9821 HIGH This Week

A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Mozilla Firefox
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2019-9818 HIGH This Week

A race condition is present in the crash generation server used to generate data for the crash reporter. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Microsoft Mozilla Firefox +2
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2019-2260 HIGH PATCH This Week

A race condition occurs while processing perf-event which can lead to a use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware +37
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2019-13233 HIGH POC PATCH This Week

In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
7.0
EPSS
0.5%
CVE-2019-6627 MEDIUM This Month

On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Race Condition Ssl Orchestrator
NVD
CVSS 3.0
5.9
EPSS
0.8%
CVE-2019-13178 HIGH POC This Week

modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Calamares
NVD GitHub
CVSS 3.0
8.1
EPSS
1.7%
CVE-2019-5840 MEDIUM This Month

Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Race Condition Apple Google Chrome +4
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-2008 HIGH This Week

In createEffect of AudioFlinger.cpp, there is a possible memory corruption due to a race condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2019-2006 CRITICAL Act Now

In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Buffer Overflow Race Condition Google +1
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2019-2095 HIGH This Week

In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Denial Of Service RCE Google Android
NVD
CVSS 3.0
7.0
EPSS
0.7%
CVE-2019-5216 HIGH This Week

There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Huawei Information Disclosure Honor View 10 Firmware Honor 10 Firmware +1
NVD
CVSS 3.0
7.0
EPSS
0.7%
CVE-2019-12448 HIGH This Week

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Gvfs
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2019-5796 HIGH POC This Week

Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Google Chrome Backports Sle +1
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
4.7%
CVE-2019-0114 MEDIUM This Month

A race condition in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Intel Graphics Driver
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2019-11815 HIGH POC PATCH This Week

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Linux Information Disclosure Linux Kernel Ubuntu Linux +12
NVD GitHub
CVSS 3.1
8.1
EPSS
4.5%
CVE-2019-11675 HIGH This Week

The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Debian Groonga Httpd
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2019-11486 HIGH PATCH This Week

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. Rated high severity (CVSS 7.0).

Race Condition Linux Siemens Information Disclosure Linux Kernel +9
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
EPSS 2% CVSS 7.5
HIGH PATCH This Week

rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Vm Memory
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Microsoft Information Disclosure +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into. Rated medium severity (CVSS 6.3).

Race Condition Information Disclosure Oddjob
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Mozilla +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Race Condition Microsoft Information Disclosure +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Endpoint Protection Manager
NVD
EPSS 0% CVSS 7.0
HIGH POC This Week

The S. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Privilege Escalation Sg 150 0 Firmware
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition,. Rated medium severity (CVSS 4.1).

Race Condition Linux Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Backports Sle +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails. Rated high severity (CVSS 7.0).

Race Condition RCE Linux +23
NVD
EPSS 2% CVSS 3.7
LOW POC PATCH Monitor

An issue was discovered in OpenVPN 2.4.x before 2.4.9. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Code Injection Openvpn +2
NVD GitHub
EPSS 6% CVSS 8.1
HIGH KEV THREAT This Week

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Mozilla Information Disclosure +2
NVD
EPSS 3% CVSS 8.1
HIGH POC KEV THREAT This Week

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Mozilla Information Disclosure +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Intel +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. Rated high severity (CVSS 7.8).

Race Condition Denial Of Service Privilege Escalation +4
NVD
EPSS 1% CVSS 3.1
LOW Monitor

A race condition was addressed with additional validation. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Microsoft +7
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Samsung Information Disclosure +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Samsung Information Disclosure +1
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

An issue was discovered in Janus through 0.9.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Janus
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in Janus through 0.9.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Janus
NVD GitHub
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

An issue was discovered in Janus through 0.9.1. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Janus
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

In the netlink driver, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Froxlor through 0.10.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition PHP +1
NVD
EPSS 1% CVSS 7.0
HIGH This Week

A race condition was addressed with improved locking. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +2
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Gogs
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In binder_thread_release of binder.c, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Denial Of Service +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Information Disclosure +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Microsoft +2
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Intel Information Disclosure +3
NVD
EPSS 0% CVSS 2.5
LOW Monitor

A race condition existed when reading and writing user preferences. Rated low severity (CVSS 2.5). No vendor patch available.

Race Condition Apple Information Disclosure +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A validation issue existed in the handling of symlinks. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Apple Information Disclosure +1
NVD
EPSS 14% CVSS 7.0
HIGH POC THREAT Act Now

A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure +2
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

A race condition existed during the installation of iCloud for Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Microsoft RCE +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A race condition existed during the installation of iTunes for Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Microsoft RCE +1
NVD
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Race Condition Privilege Escalation Xen +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Java Privilege Escalation +2
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required.

Race Condition Linux Information Disclosure +1
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

An issue was discovered in TitanHQ WebTitan before 5.18. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Webtitan
NVD
EPSS 0% CVSS 7.4
HIGH This Week

In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Privilege Escalation Google +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition RCE P30 Firmware +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.0).

Race Condition Microsoft Information Disclosure +3
NVD
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Qualcomm +41
NVD Exploit-DB
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Adobe +1
NVD
EPSS 0% CVSS 7.0
HIGH POC This Week

Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Privilege Escalation Sudo
NVD GitHub
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Privilege Escalation +18
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Race Condition Privilege Escalation Xen +3
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a race. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition RCE Adobe +2
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Extensible Operating System
NVD
EPSS 3% CVSS 5.9
MEDIUM This Month

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Big Ip Local Traffic Manager +16
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a. Rated high severity (CVSS 7.8).

Race Condition Denial Of Service Xen +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure +21
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In hostapd, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In the Easel driver, there is possible memory corruption due to race conditions. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In the Easel driver, there is possible memory corruption due to race conditions. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Mozilla +3
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access. Rated medium severity (CVSS 4.8). No vendor patch available.

Race Condition Intel Information Disclosure +242
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Beego
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Gitlab
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Android kernel in the video driver there is a use after free due to a race condition. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Privilege Escalation +3
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4).

Race Condition Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In the Android kernel in the mnh driver there is a race condition due to insufficient locking. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Google +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Freebsd +1
NVD
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Denial Of Service Antivirus
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Google +1
NVD
EPSS 3% CVSS 8.1
HIGH This Week

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Vxworks +11
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Elastic Information Disclosure +1
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Zstandard
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Race condition while accessing DMA buffer in jpeg driver in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure +22
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Possible race condition that will cause a use-after-free when writing to two sysfs entries at nearly the same time in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure +24
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Mozilla +1
NVD
EPSS 1% CVSS 8.3
HIGH This Week

A race condition is present in the crash generation server used to generate data for the crash reporter. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Microsoft +4
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A race condition occurs while processing perf-event which can lead to a use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Qualcomm +39
NVD
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM This Month

On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Race Condition Ssl Orchestrator
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Calamares
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Race Condition Apple +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In createEffect of AudioFlinger.cpp, there is a possible memory corruption due to a race condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Privilege Escalation +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Buffer Overflow +3
NVD
EPSS 1% CVSS 7.0
HIGH This Week

In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Denial Of Service RCE +2
NVD
EPSS 1% CVSS 7.0
HIGH This Week

There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Huawei Information Disclosure +3
NVD
EPSS 2% CVSS 8.1
HIGH This Week

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Gvfs
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Google +3
NVD Exploit-DB
EPSS 0% CVSS 4.7
MEDIUM This Month

A race condition in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Intel +1
NVD
EPSS 4% CVSS 8.1
HIGH POC PATCH This Week

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Linux Information Disclosure +14
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Debian +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. Rated high severity (CVSS 7.0).

Race Condition Linux Siemens +11
NVD GitHub
Prev Page 16 of 21 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy