Total
1761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12029 | 2 Debian, Phusion | 2 Debian Linux, Passenger | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation. | |||||
| CVE-2018-11998 | 1 Qualcomm | 30 Mdm9206, Mdm9206 Firmware, Mdm9607 and 27 more | 2024-11-21 | 7.9 HIGH | 7.5 HIGH |
| While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016 | |||||
| CVE-2018-11818 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition. | |||||
| CVE-2018-11324 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. | |||||
| CVE-2018-10850 | 3 Debian, Fedoraproject, Redhat | 9 Debian Linux, 389 Directory Server, Enterprise Linux and 6 more | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
| 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. | |||||
| CVE-2018-1000004 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
| In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. | |||||
| CVE-2018-0492 | 2 Beep Project, Debian | 2 Beep, Debian Linux | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. | |||||
| CVE-2018-0480 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 5.7 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition. | |||||
| CVE-2017-9691 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver. | |||||
| CVE-2017-7543 | 2 Openstack, Redhat | 3 Neutron, Enterprise Linux, Openstack | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. | |||||
| CVE-2017-7326 | 1 Yandex | 1 Yandex Browser | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
| Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page | |||||
| CVE-2017-7151 | 2 Apple, Microsoft | 6 Iphone Os, Itunes, Mac Os X and 3 more | 2024-11-21 | 5.1 MEDIUM | 7.0 HIGH |
| A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4. | |||||
| CVE-2017-7004 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | 5.1 MEDIUM | 7.0 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app. | |||||
| CVE-2017-6296 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate. | |||||
| CVE-2017-5427 | 1 Mozilla | 1 Firefox | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52. | |||||
| CVE-2017-3158 | 1 Apache | 1 Guacamole | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer. | |||||
| CVE-2017-2619 | 3 Debian, Redhat, Samba | 3 Debian Linux, Enterprise Linux, Samba | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. | |||||
| CVE-2017-2616 | 3 Debian, Redhat, Util-linux Project | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | 4.7 MEDIUM | 5.5 MEDIUM |
| A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. | |||||
| CVE-2017-20004 | 1 Rust-lang | 1 Rust | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions. | |||||
| CVE-2017-18692 | 3 Google, Qualcomm, Samsung | 7 Android, Msm8939, Msm8996 and 4 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, or Exynos8895 chipsets) software. There is a race condition, with a resultant buffer overflow, in the sec_ts touchscreen sysfs interface. The Samsung ID is SVE-2016-7501 (January 2017). | |||||