Total
1513 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18224 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field. | |||||
CVE-2016-10435 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9625 and 49 more | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, in some QTEE syscall handlers, a TOCTOU vulnerability exists. | |||||
CVE-2018-4155 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2009-5152 | 1 Absolute | 1 Computrace Agent | 2024-02-28 | 1.9 LOW | 4.1 MEDIUM |
Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted TaskResult.xml file. | |||||
CVE-2018-5873 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05. | |||||
CVE-2018-5826 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver. | |||||
CVE-2018-12691 | 1 Onosproject | 1 Onos | 2024-02-28 | 4.3 MEDIUM | 6.8 MEDIUM |
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. | |||||
CVE-2017-16512 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available. | |||||
CVE-2017-3158 | 1 Apache | 1 Guacamole | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer. | |||||
CVE-2015-6569 | 1 Atlassian | 1 Floodlight | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack. | |||||
CVE-2016-10432 | 1 Qualcomm | 22 Sd 410, Sd 410 Firmware, Sd 412 and 19 more | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, TOCTOU vulnerabilities may occur while sanitizing userspace values passed to tQSEE system call. | |||||
CVE-2017-7326 | 1 Yandex | 1 Yandex Browser | 2024-02-28 | 5.1 MEDIUM | 7.5 HIGH |
Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page | |||||
CVE-2018-4230 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition. | |||||
CVE-2018-12232 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.1 HIGH | 5.9 MEDIUM |
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash. | |||||
CVE-2018-8025 | 1 Apache | 1 Hbase | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. | |||||
CVE-2015-1862 | 1 Abrt Project | 1 Abrt | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment. | |||||
CVE-2017-9691 | 1 Google | 1 Android | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver. | |||||
CVE-2018-12029 | 2 Debian, Phusion | 2 Debian Linux, Passenger | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation. | |||||
CVE-2017-15843 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
Due to a race condition in a bus driver, a double free in msm_bus_floor_vote_context() can potentially occur in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
CVE-2018-3561 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition. |