Total
2153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0439 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 6.5 MEDIUM |
|
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-42832 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | N/A | 6.4 MEDIUM |
|
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-42831 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | N/A | 6.4 MEDIUM |
|
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-46689 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-04-21 | N/A | 7.0 HIGH |
|
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-20567 | 1 Google | 1 Android | 2025-04-21 | N/A | 6.4 MEDIUM |
|
In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186777253References: Upstream kernel
|
|||||
| CVE-2015-7543 | 2 Artsproject, Kde | 2 Arts, Kdelibs | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
|
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.
|
|||||
| CVE-2017-9718 | 1 Google | 1 Android | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite.
|
|||||
| CVE-2015-8996 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel.
|
|||||
| CVE-2017-9697 | 1 Google | 1 Android | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table.
|
|||||
| CVE-2017-11353 | 1 Yadm Project | 1 Yadm | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys.
|
|||||
| CVE-2017-11823 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
|
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".
|
|||||
| CVE-2017-5061 | 5 Apple, Google, Linux and 2 more | 7 Macos, Chrome, Linux Kernel and 4 more | 2025-04-20 | 2.6 LOW | 5.3 MEDIUM |
|
A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
|
|||||
| CVE-2017-0794 | 1 Google | 1 Android | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.
|
|||||
| CVE-2015-8997 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel.
|
|||||
| CVE-2017-14317 | 1 Xen | 1 Xen | 2025-04-20 | 4.7 MEDIUM | 5.6 MEDIUM |
|
A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.).
|
|||||
| CVE-2017-0462 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.
|
|||||
| CVE-2017-2533 | 1 Apple | 1 Mac Os X | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
|||||
| CVE-2017-6979 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
|||||
| CVE-2016-10200 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
|
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
|
|||||
| CVE-2015-5232 | 1 Cornelisnetworks | 2 Opa-ff, Opa-fm | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
|
Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.
|
|||||
| CVE-2017-14483 | 1 Gentoo | 1 Dev-python-flower | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
|
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
|
|||||
| CVE-2017-6408 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
|
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.
|
|||||
| CVE-2017-6167 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2025-04-20 | 8.5 HIGH | 7.5 HIGH |
|
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.
|
|||||
| CVE-2015-7553 | 1 Redhat | 3 Enterprise Linux, Enterprise Mrg, Kernel-rt | 2025-04-20 | 4.7 MEDIUM | 4.7 MEDIUM |
|
Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.
|
|||||
| CVE-2017-6615 | 1 Cisco | 1 Ios Xe | 2025-04-20 | 6.3 MEDIUM | 6.3 MEDIUM |
|
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could t ...
Show More |
|||||
| CVE-2016-3106 | 1 Pulpproject | 1 Pulp | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.
|
|||||
| CVE-2017-5068 | 5 Apple, Google, Linux and 2 more | 7 Macos, Chrome, Linux Kernel and 4 more | 2025-04-20 | 5.1 MEDIUM | 7.5 HIGH |
|
Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.
|
|||||
| CVE-2017-15588 | 1 Xen | 1 Xen | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
|
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
|
|||||
| CVE-2017-5986 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
|
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.
|
|||||
| CVE-2015-5948 | 1 Salesagility | 1 Suitecrm | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
|
Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.
|
|||||
| CVE-2017-1000405 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
|
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it ...
Show More |
|||||
| CVE-2017-6001 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.
|
|||||
| CVE-2014-9914 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.
|
|||||
| CVE-2015-5191 | 2 Linux, Vmware | 2 Linux Kernel, Tools | 2025-04-20 | 3.7 LOW | 6.7 MEDIUM |
|
VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
|
|||||
| CVE-2015-7891 | 1 Samsung | 1 Samsung Mobile | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
|
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.
|
|||||
| CVE-2017-8342 | 1 Radicale | 1 Radicale | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
|
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
|
|||||
| CVE-2017-9682 | 1 Google | 1 Android | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.
|
|||||
| CVE-2017-14902 | 1 Google | 1 Android | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur.
|
|||||
| CVE-2017-15037 | 1 Freebsd | 1 Freebsd | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
|
In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.
|
|||||
| CVE-2016-4982 | 1 Teether | 1 Authd | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
|
authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.
|
|||||