How severe is CVE-2020-15706?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2020-15706?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2020-15706

MEDIUM Year: 2020

CVSS v3 Score

6.4

Medium

CVSS v2 Score

4.4

Medium

Weakness Type

CWE-362

View all →

Vulnerability Description

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

CVE-2015-8511

MEDIUM

CVSS:6.4(Medium)

Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

CWE-3622015

CVE-2016-9962

MEDIUM

CVSS:6.4(Medium)

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-des...

CWE-3622016

CVE-2017-1000367

MEDIUM

CVSS:6.4(Medium)

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

CWE-3622017

CVE-2018-9519

MEDIUM

CVSS:6.4(Medium)

In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction i...

CWE-3622018

CVE-2019-2188

MEDIUM

CVSS:6.4(Medium)

In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not neede...

CWE-3622019