Total
1513 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14317 | 1 Xen | 1 Xen | 2024-02-28 | 4.7 MEDIUM | 5.6 MEDIUM |
A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.). | |||||
CVE-2017-8281 | 1 Google | 1 Android | 2024-02-28 | 2.6 LOW | 4.7 MEDIUM |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. | |||||
CVE-2017-14748 | 1 Blizzard | 1 Overwatch | 2024-02-28 | 3.5 LOW | 5.3 MEDIUM |
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match. | |||||
CVE-2015-1325 | 1 Canonical | 1 Ubuntu Linux | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges. | |||||
CVE-2017-10915 | 1 Xen | 1 Xen | 2024-02-28 | 6.8 MEDIUM | 9.0 CRITICAL |
The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. | |||||
CVE-2017-10914 | 1 Xen | 1 Xen | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2. | |||||
CVE-2017-12146 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides. | |||||
CVE-2017-8148 | 1 Huawei | 2 P9, P9 Firmware | 2024-02-28 | 5.4 MEDIUM | 4.7 MEDIUM |
Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot. | |||||
CVE-2016-10383 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. | |||||
CVE-2017-7368 | 1 Google | 1 Android | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. | |||||
CVE-2017-6408 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured. | |||||
CVE-2016-9381 | 2 Citrix, Qemu | 2 Xenserver, Qemu | 2024-02-28 | 6.9 MEDIUM | 7.5 HIGH |
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | |||||
CVE-2017-6874 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts. | |||||
CVE-2016-8655 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. | |||||
CVE-2017-2636 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | |||||
CVE-2015-8963 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. | |||||
CVE-2017-5986 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. | |||||
CVE-2017-7572 | 1 Backintime Project | 1 Backintime | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester. | |||||
CVE-2017-6346 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls. | |||||
CVE-2016-10200 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. |