Total
1761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4386 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268. | |||||
| CVE-2020-3966 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2024-11-21 | 3.7 LOW | 7.5 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | |||||
| CVE-2020-3941 | 2 Microsoft, Vmware | 2 Windows, Tools | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11. | |||||
| CVE-2020-3894 | 1 Apple | 6 Icloud, Ipad Os, Iphone Os and 3 more | 2024-11-21 | 2.6 LOW | 3.1 LOW |
| A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. | |||||
| CVE-2020-3831 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 7.6 HIGH | 7.0 HIGH |
| A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-3353 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition. | |||||
| CVE-2020-3350 | 4 Canonical, Cisco, Debian and 1 more | 5 Ubuntu Linux, Advanced Malware Protection For Endpoints, Clam Antivirus and 2 more | 2024-11-21 | 3.3 LOW | 5.5 MEDIUM |
| A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. | |||||
| CVE-2020-3163 | 1 Cisco | 1 Unified Contact Center Enterprise | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
| A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection. | |||||
| CVE-2020-36558 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.1 MEDIUM |
| A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. | |||||
| CVE-2020-36557 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.1 MEDIUM |
| A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. | |||||
| CVE-2020-36458 | 1 Lexer Project | 1 Lexer | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the lexer crate through 2020-11-10 for Rust. For ReaderResult<T, E>, there is an implementation of Sync with a trait bound of T: Send, E: Send. | |||||
| CVE-2020-36454 | 1 Parc Project | 1 Parc | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the parc crate through 2020-11-14 for Rust. LockWeak<T> has an unconditional implementation of Send without trait bounds on T. | |||||
| CVE-2020-36447 | 1 V9 Project | 1 V9 | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the v9 crate through 2020-12-18 for Rust. There is an unconditional implementation of Sync for SyncRef<T>. | |||||
| CVE-2020-36446 | 1 Signal-simple Project | 1 Signal-simple | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for SyncChannel<T>. | |||||
| CVE-2020-36445 | 1 Project | 1 Convec | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the convec crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for ConVec<T>. | |||||
| CVE-2020-36444 | 1 Async-coap Project | 1 Async-coap | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Send and Sync are implemented for ArcGuard<RC, T> without trait bounds on RC. | |||||
| CVE-2020-36442 | 1 Beef Project | 1 Beef | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has no Sync bound on its Send trait. | |||||
| CVE-2020-36441 | 1 Abox Project | 1 Abox | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the abox crate before 0.4.1 for Rust. It implements Send and Sync for AtomicBox<T> with no requirement for T: Send and T: Sync. | |||||
| CVE-2020-36440 | 1 Libsbc Project | 1 Libsbc | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder<R>, it implements Send for any R: Read. | |||||
| CVE-2020-36439 | 1 Ticketed Lock Project | 1 Ticketed Lock | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket<T> and WriteTicket<T>. | |||||