Medium
CVE-2020-24655
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with…
Tag: Race Condition
All CVEs associated with "Race Condition". Page 13/20 • 2345 CVEs.
Subscribe CVEs: RSS for “Race Condition” · RSS (High+Critical only)
About “Race Condition”
A curated feed of “Race Condition”-related CVEs appears below. We currently track 2345 CVEs for this tag (all time). In the last 365 days, 591 were published. Average CVSS is 6.2 (all time; 6.6 over 365d), and 44% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition, CWE-416 - Use After Free.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2020-09-10
2020-09-08
High
CVE-2019-14119
u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdrago…
High
CVE-2018-13903
u'Error in UE due to race condition in EPCO handling' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, M…
2020-09-02
High
CVE-2020-16602
Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps…
2020-08-13
High
CVE-2020-8680
Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.
High
CVE-2020-0554
Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local…
2020-08-11
High
CVE-2020-0238
In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privilege…
2020-08-06
High
CVE-2020-15702
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a…
2020-07-29
Medium
CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executin…
2020-07-24
Medium
CVE-2020-10602
In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI…
2020-07-17
Medium
CVE-2020-0305
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no…
Medium
CVE-2020-1641
A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP pac…
2020-07-09
High
CVE-2020-12420
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects…
High
CVE-2020-12416
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulner…
Medium
CVE-2020-12405
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and…
High
CVE-2020-7457
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS sock…
2020-07-06
Medium
CVE-2020-1839
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. There is a timing window exists in which certain pointer members can be modified by another proc…
2020-07-01
Medium
CVE-2020-4387
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. I…
Medium
CVE-2020-4386
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. I…
2020-06-30
Medium
CVE-2020-5969
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or infor…
2020-06-25
High
CVE-2020-9615
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Successful ex…
Medium
CVE-2020-5967
NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service.
High
CVE-2020-3966
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a hea…
2020-06-24
Critical
CVE-2020-10279
MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecuri…
2020-06-22
High
CVE-2019-14091
Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobil…
2020-06-18
Medium
CVE-2020-13882
CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed l…
Medium
CVE-2020-14416
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/sli…
Medium
CVE-2020-3350
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the syst…
2020-06-11
High
CVE-2020-0218
In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additiona…
Medium
CVE-2020-0199
In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. This could lead to local information disclosure with System execution privilege…
Medium
CVE-2020-0141
In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. This could lead to remote information disclosure with System execution privileges nee…
Medium
CVE-2020-0126
In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction…
2020-06-10
High
CVE-2020-2032
A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while p…
2020-06-09
High
CVE-2020-9839
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain el…
2020-06-03
Medium
CVE-2020-3353
A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected dev…
2020-06-02
High
CVE-2020-3680
A race condition can occur when using the fastrpc memory mapping API. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearabl…
2020-05-27
Medium
CVE-2020-10737
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into…
2020-05-26
High
CVE-2020-12387
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Fire…
2020-05-21
High
CVE-2020-12693
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows…
2020-05-15
Medium
CVE-2020-10744
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the…
2020-05-13
High
CVE-2020-2016
A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker wh…
High
CVE-2019-15879
In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kerne…
2020-05-11
High
CVE-2020-5835
Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine.
2020-05-08
Medium
CVE-2020-10690
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp…
High
CVE-2019-14898
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have ot…
Medium
CVE-2012-0953
A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53.
2020-05-07
High
CVE-2020-9475
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can g…
2020-05-05
Medium
CVE-2020-12652
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition,…
2020-05-04
Medium
CVE-2020-12114
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to…
2020-04-30
High
CVE-2020-5876
On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a…
High
CVE-2020-12050
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new co…
2020-04-29
High
CVE-2020-11884
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails…
2020-04-24
High
CVE-2020-6820
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thund…
High
CVE-2020-6819
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affec…
2020-04-22
Medium
CVE-2020-8833
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this ca…
2020-04-16
High
CVE-2019-14070
Possible use after free issue in pcm volume controls due to race condition exist in private data used in mixer controls in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Ind…
2020-04-15
Medium
CVE-2020-0568
Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access.
2020-04-08
Medium
CVE-2020-1629
A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue aff…
High
CVE-2018-21040
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID i…
High
CVE-2018-21086
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SV…
High
CVE-2018-21085
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID…
High
CVE-2018-21084
An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-111…
2020-04-07
High
CVE-2017-18647
An issue was discovered on Samsung mobile devices with M(6,x) and N(7.0) software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsu…
High
CVE-2017-18692
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, or Exynos8895 chipsets) software. There is a race condition, with a result…
High
CVE-2016-11030
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access,…
2020-04-02
Medium
CVE-2020-8017
A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software…
Medium
CVE-2020-8016
A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Developme…
2020-04-01
Low
CVE-2020-3894
A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for W…
2020-03-27
High
CVE-2015-7335
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and…
2020-03-25
Medium
CVE-2020-3808
Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.
2020-03-24
High
CVE-2019-20568
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos and Qualcomm chipsets) software. A race condition causes a Use-After-Free. The Samsung ID is SVE-2019-15067 (S…
Medium
CVE-2020-10845
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 (February 2…
High
CVE-2020-10843
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There are race conditions in the hdcp2 driver. The Samsung ID is SVE-2019-16296 (February…
2020-03-14
Medium
CVE-2020-10577
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions.
Medium
CVE-2020-10576
An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash.
Medium
CVE-2020-10575
An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early o…
2020-03-11
Medium
CVE-2020-1733
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with…
2020-03-10
Medium
CVE-2020-0066
In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is n…
Medium
CVE-2020-0045
In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. Us…
2020-03-05
High
CVE-2020-10174
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses…
High
CVE-2019-14072
Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in Snapdrag…
2020-02-27
High
CVE-2020-3831
A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.
2020-02-25
Medium
CVE-2020-8793
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offl…
2020-02-21
Medium
CVE-2020-9329
Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition.
2020-02-18
Medium
CVE-2020-1814
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Danglin…
2020-02-14
High
CVE-2019-11215
In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many co…
2020-02-13
High
CVE-2020-0030
In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User…
2020-02-12
High
CVE-2013-3685
A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon,…
2020-02-11
High
CVE-2014-9748
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cau…
2020-02-03
Medium
CVE-2019-18567
Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service.
2020-01-27
High
CVE-2019-17102
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks a…
2020-01-21
High
CVE-2019-18932
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this direct…
2020-01-15
High
CVE-2020-3941
The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not presen…
Medium
CVE-2007-4774
The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process.
2020-01-08
Medium
CVE-2019-17021
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windo…
High
CVE-2019-17011
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulner…
High
CVE-2019-17010
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.…
Medium
CVE-2020-0008
In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional exec…
2019-12-31
Medium
CVE-2011-3585
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window whe…
2019-12-25
Medium
CVE-2019-19965
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race…
2019-12-18
Low
CVE-2019-8757
A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may…
High
CVE-2019-8565
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges.
High
CVE-2019-6236
A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer i…
High
CVE-2019-6232
A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer i…
2019-12-16
Medium
CVE-2019-16779
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent req…
2019-12-15
High
CVE-2014-3701
eDeploy has tmp file race condition flaws
2019-12-12
High
CVE-2019-10494
Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdrago…
2019-12-11
Medium
CVE-2019-19580
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an inc…
2019-12-03
Medium
CVE-2019-19537
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/…
Medium
CVE-2013-4235
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
2019-11-25
Medium
CVE-2012-5630
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
2019-11-21
High
CVE-2019-10486
Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound access in Snapdragon Auto, Snapdragon Consumer Electronics Connectivi…
2019-11-13
High
CVE-2019-2213
In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. Us…
2019-11-12
High
CVE-2019-5228
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earl…
High
CVE-2019-1416
An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.
2019-11-09
High
CVE-2009-4011
dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS con…
2019-11-06
High
CVE-2019-10529
Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,…
High
CVE-2006-4245
archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.
Medium
CVE-2019-8232
In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import fe…
2019-11-04
High
CVE-2019-18684
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and t…