CVE-2020-13173

HIGH Year: 2020
CVSS v3 Score
7.8
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-362
View all →

Vulnerability Description

Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe.

Related Vulnerabilities

CVE-2014-9914

HIGH
CVSS:7.8(High)

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by l...

CWE-3622014

CVE-2016-3914

HIGH
CVSS:7.8(High)

Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attacke...

CWE-3622016

CVE-2016-7911

HIGH
CVSS:7.8(High)

Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted iopr...

CWE-3622016

CVE-2016-8655

HIGH
CVSS:7.8(High)

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability...

CWE-3622016

CVE-2016-9038

HIGH
CVSS:7.8(High)

An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corr...

CWE-3622016

CVE-2016-9794

HIGH
CVSS:7.8(High)

Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or p...

CWE-3622016