How severe is CVE-2020-10737?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2020-10737?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2020-10737

MEDIUM Year: 2020

CVSS v3 Score

6.3

Medium

CVSS v2 Score

3.7

Low

Weakness Type

CWE-362

View all →

Vulnerability Description

A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.

CVE-2016-1975

MEDIUM

CVSS:6.3(Medium)

Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (...

CWE-3622016

CVE-2016-7777

MEDIUM

CVSS:6.3(Medium)

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on...

CWE-3622016

CVE-2018-12633

MEDIUM

CVSS:6.3(Medium)

An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of t...

CWE-3622018

CVE-2020-1839

MEDIUM

CVSS:6.3(Medium)

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. There is a timing window exists in which certain pointer members can be modified by another proce...

CWE-3622020

CVE-2020-25653

MEDIUM

CVSS:6.3(Medium)

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-...

CWE-3622020

CVE-2020-25775

MEDIUM

CVSS:6.3(Medium)

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the...

CWE-3622020

CVE-2020-10737

Vulnerability Description

Related Vulnerabilities

CVE-2016-1975

CVE-2016-7777

CVE-2018-12633

CVE-2020-1839

CVE-2020-25653

CVE-2020-25775