Total
1513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2546 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.7 MEDIUM | 5.1 MEDIUM |
| sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. | |||||
| CVE-2016-2547 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.7 MEDIUM | 5.1 MEDIUM |
| sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. | |||||
| CVE-2015-2234 | 1 Lenovo | 1 System Update | 2024-02-28 | 6.9 MEDIUM | N/A |
| Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. | |||||
| CVE-2015-4199 | 1 Cisco | 1 Ios | 2024-02-28 | 7.1 HIGH | N/A |
| Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent connectivity with many IPv6 CPE devices, aka Bug ID CSCug47366. | |||||
| CVE-2016-6136 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
| Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability. | |||||
| CVE-2015-7550 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls. | |||||
| CVE-2015-6126 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-28 | 7.2 HIGH | N/A |
| Race condition in the Pragmatic General Multicast (PGM) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application, aka "Windows PGM UAF Elevation of Privilege Vulnerability." | |||||
| CVE-2015-5754 | 1 Apple | 1 Mac Os X | 2024-02-28 | 9.3 HIGH | N/A |
| Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error. | |||||
| CVE-2015-3196 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-02-28 | 4.3 MEDIUM | N/A |
| ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. | |||||
| CVE-2016-1975 | 2 Mozilla, Webrtc Project | 2 Firefox, Webrtc | 2024-02-28 | 6.8 MEDIUM | 6.3 MEDIUM |
| Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-4247 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2024-02-28 | 2.6 LOW | 5.3 MEDIUM |
| Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-2812 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.1 MEDIUM | 7.5 HIGH |
| Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. | |||||
| CVE-2015-5189 | 1 Pacemaker\/corosync Configuration System Project | 1 Pacemaker\/corosync Configuration System | 2024-02-28 | 4.9 MEDIUM | N/A |
| Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated. | |||||
| CVE-2015-2715 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2024-02-28 | 6.8 MEDIUM | N/A |
| Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown. | |||||
| CVE-2015-3709 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.9 MEDIUM | N/A |
| Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. | |||||
| CVE-2016-2544 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.7 MEDIUM | 5.1 MEDIUM |
| Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time. | |||||
| CVE-2016-7777 | 1 Xen | 1 Xen | 2024-02-28 | 3.3 LOW | 6.3 MEDIUM |
| Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. | |||||
| CVE-2015-7820 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2024-02-28 | 7.1 HIGH | N/A |
| Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443. | |||||
| CVE-2015-2418 | 1 Microsoft | 1 Malicious Software Removal Tool | 2024-02-28 | 6.9 MEDIUM | N/A |
| Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka "MSRT Race Condition Vulnerability." | |||||
| CVE-2016-4583 | 2 Apple, Webkitgtk | 5 Iphone Os, Safari, Tvos and 2 more | 2024-02-28 | 2.6 LOW | 3.1 LOW |
| WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document. | |||||