Total
2153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2812 | 1 Mozilla | 1 Firefox | 2025-04-12 | 5.1 MEDIUM | 7.5 HIGH |
|
Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.
|
|||||
| CVE-2016-9806 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.
|
|||||
| CVE-2014-0226 | 4 Apache, Debian, Oracle and 1 more | 7 Http Server, Debian Linux, Enterprise Manager Ops Center and 4 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
|
|||||
| CVE-2016-0848 | 1 Google | 1 Android | 2025-04-12 | 7.2 HIGH | 8.4 HIGH |
|
Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054.
|
|||||
| CVE-2015-7817 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2025-04-12 | 7.1 HIGH | N/A |
|
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443.
|
|||||
| CVE-2016-3258 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2025-04-12 | 1.2 LOW | 4.7 MEDIUM |
|
Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System Security Feature Bypass."
|
|||||
| CVE-2016-0723 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 5.6 MEDIUM | 6.8 MEDIUM |
|
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
|
|||||
| CVE-2015-1234 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands.
|
|||||
| CVE-2015-3709 | 1 Apple | 1 Mac Os X | 2025-04-12 | 6.9 MEDIUM | N/A |
|
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation.
|
|||||
| CVE-2014-1441 | 1 Coreftp | 1 Core Ftp | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated by pressing the enter key twice.
|
|||||
| CVE-2014-0703 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Software | 2025-04-12 | 10.0 HIGH | N/A |
|
Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202.
|
|||||
| CVE-2016-7911 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
|
|||||
| CVE-2016-7098 | 1 Gnu | 1 Wget | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
|
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
|
|||||
| CVE-2016-1670 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2025-04-12 | 2.6 LOW | 5.3 MEDIUM |
|
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID.
|
|||||
| CVE-2016-6156 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 1.9 LOW | 5.1 MEDIUM |
|
Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.
|
|||||
| CVE-2015-6126 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
|
Race condition in the Pragmatic General Multicast (PGM) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application, aka "Windows PGM UAF Elevation of Privilege Vulnerability."
|
|||||
| CVE-2014-5033 | 3 Canonical, Debian, Kde | 4 Ubuntu Linux, Kde4libs, Kauth and 1 more | 2025-04-12 | 6.9 MEDIUM | N/A |
|
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
|
|||||
| CVE-2015-4170 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Compute Node Eus, Enterprise Linux For Ibm Z Systems Eus and 3 more | 2025-04-12 | 4.7 MEDIUM | 4.7 MEDIUM |
|
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.
|
|||||
| CVE-2015-3339 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-12 | 6.2 MEDIUM | N/A |
|
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.
|
|||||
| CVE-2014-3406 | 1 Cisco | 1 Intrusion Prevention System | 2025-04-12 | 7.1 HIGH | N/A |
|
Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085.
|
|||||
| CVE-2014-9529 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2025-04-12 | 6.9 MEDIUM | N/A |
|
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
|
|||||
| CVE-2016-0930 | 1 Pivotal | 1 Operations Manager | 2025-04-12 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist.
|
|||||
| CVE-2015-4203 | 1 Cisco | 2 Ios, Ubr10000 Cable Modem Termination System | 2025-04-12 | 5.4 MEDIUM | N/A |
|
Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.
|
|||||
| CVE-2016-3914 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open operations, aka internal bug 30481342.
|
|||||
| CVE-2015-1882 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 8.5 HIGH | N/A |
|
Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user.
|
|||||
| CVE-2015-8878 | 1 Php | 1 Php | 2025-04-12 | 7.1 HIGH | 5.9 MEDIUM |
|
main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.
|
|||||
| CVE-2014-3509 | 1 Openssl | 1 Openssl | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.
|
|||||
| CVE-2015-4199 | 1 Cisco | 1 Ios | 2025-04-12 | 7.1 HIGH | N/A |
|
Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent connectivity with many IPv6 CPE devices, aka Bug ID CSCug47366.
|
|||||
| CVE-2015-3196 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
|
|||||
| CVE-2015-7189 | 1 Mozilla | 1 Firefox | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code.
|
|||||
| CVE-2016-2544 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.7 MEDIUM | 5.1 MEDIUM |
|
Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.
|
|||||
| CVE-2015-0609 | 1 Cisco | 1 Ios | 2025-04-12 | 7.1 HIGH | N/A |
|
Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752.
|
|||||
| CVE-2015-3212 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.9 MEDIUM | N/A |
|
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.
|
|||||
| CVE-2015-2234 | 1 Lenovo | 1 System Update | 2025-04-12 | 6.9 MEDIUM | N/A |
|
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
|
|||||
| CVE-2015-3081 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to bypass the Internet Explorer Protected Mode protection mechanism via unspecified vectors.
|
|||||
| CVE-2015-5754 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | N/A |
|
Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error.
|
|||||
| CVE-2015-0632 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 5.7 MEDIUM | N/A |
|
Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.
|
|||||
| CVE-2016-9794 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.
|
|||||
| CVE-2014-8750 | 1 Openstack | 1 Nova | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.
|
|||||
| CVE-2015-0631 | 1 Cisco | 12 Ids 4210, Ids 4215, Ids 4220 and 9 more | 2025-04-12 | 7.1 HIGH | N/A |
|
Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID CSCui25688.
|
|||||