Total
1703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7543 | 2 Artsproject, Kde | 2 Arts, Kdelibs | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
| aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. | |||||
| CVE-2017-5986 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. | |||||
| CVE-2014-9966 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. | |||||
| CVE-2016-4982 | 1 Teether | 1 Authd | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
| authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. | |||||
| CVE-2017-5899 | 1 S-nail Project | 1 S-nail | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument. | |||||
| CVE-2017-2636 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | |||||
| CVE-2016-9962 | 1 Docker | 1 Docker | 2025-04-20 | 4.4 MEDIUM | 6.4 MEDIUM |
| RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container. | |||||
| CVE-2017-7533 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions. | |||||
| CVE-2015-9022 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. | |||||
| CVE-2017-11049 | 1 Google | 1 Android | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a video driver, a race condition exists which can potentially lead to a buffer overflow. | |||||
| CVE-2017-8280 | 1 Google | 1 Android | 2025-04-20 | 5.1 MEDIUM | 7.0 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch. | |||||
| CVE-2017-2898 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | 8.5 HIGH | 7.5 HIGH |
| An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability. | |||||
| CVE-2015-8996 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. | |||||
| CVE-2017-10914 | 1 Xen | 1 Xen | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2. | |||||
| CVE-2016-0764 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2025-04-20 | 2.1 LOW | 6.2 MEDIUM |
| Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. | |||||
| CVE-2017-9697 | 1 Google | 1 Android | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table. | |||||
| CVE-2017-15037 | 1 Freebsd | 1 Freebsd | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character. | |||||
| CVE-2017-8281 | 1 Google | 1 Android | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. | |||||
| CVE-2017-15357 | 1 Arqbackup | 1 Arq | 2025-04-20 | 6.9 MEDIUM | 7.4 HIGH |
| The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | |||||
| CVE-2017-6874 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts. | |||||