Total
1513 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2898 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-02-28 | 8.5 HIGH | 7.5 HIGH |
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability. | |||||
CVE-2017-15649 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. | |||||
CVE-2017-9697 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table. | |||||
CVE-2017-1000367 | 1 Sudo Project | 1 Sudo | 2024-02-28 | 6.9 MEDIUM | 6.4 MEDIUM |
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | |||||
CVE-2017-15037 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character. | |||||
CVE-2017-15265 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. | |||||
CVE-2017-15588 | 1 Xen | 1 Xen | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. | |||||
CVE-2017-15129 | 4 Canonical, Fedoraproject, Linux and 1 more | 20 Ubuntu Linux, Fedora, Linux Kernel and 17 more | 2024-02-28 | 4.9 MEDIUM | 4.7 MEDIUM |
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. | |||||
CVE-2016-10297 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.0 HIGH |
In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. | |||||
CVE-2017-11045 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free condition. | |||||
CVE-2017-11049 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a video driver, a race condition exists which can potentially lead to a buffer overflow. | |||||
CVE-2014-9966 | 1 Google | 1 Android | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. | |||||
CVE-2017-7115 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition. | |||||
CVE-2017-11025 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur. | |||||
CVE-2017-6167 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2024-02-28 | 8.5 HIGH | 7.5 HIGH |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected. | |||||
CVE-2015-5947 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | |||||
CVE-2017-14902 | 1 Google | 1 Android | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur. | |||||
CVE-2017-8280 | 1 Google | 1 Android | 2024-02-28 | 5.1 MEDIUM | 7.0 HIGH |
In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch. | |||||
CVE-2017-9677 | 1 Google | 1 Android | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur. | |||||
CVE-2017-9703 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition. |