Search
Total
483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10439 | 1 Qualcomm | 16 Sd 425, Sd 425 Firmware, Sd 430 and 13 more | 2018-05-01 | 9.3 HIGH | 8.1 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, there is a TOCTOU vulnerability in the input validation for bulletin_board_read syscall. A pointer dereference is being validated without promising the pointer hasn't been changed by the HLOS program. | |||||
| CVE-2016-10409 | 1 Qualcomm | 18 Sd 425, Sd 425 Firmware, Sd 430 and 15 more | 2018-05-01 | 9.3 HIGH | 8.1 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, TOCTOU vulnerability may occur while composing the RPMB request using HLOS controlled buffers. | |||||
| CVE-2016-10432 | 1 Qualcomm | 22 Sd 410, Sd 410 Firmware, Sd 412 and 19 more | 2018-05-01 | 9.3 HIGH | 8.1 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, TOCTOU vulnerabilities may occur while sanitizing userspace values passed to tQSEE system call. | |||||
| CVE-2018-8885 | 1 Canonical | 2 Screen-resolution-extra, Ubuntu Linux | 2018-04-27 | 4.4 MEDIUM | 7.0 HIGH |
| screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call. | |||||
| CVE-2017-15826 | 1 Google | 1 Android | 2018-04-23 | 4.4 MEDIUM | 7.8 HIGH |
| Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures. | |||||
| CVE-2018-7562 | 1 Glpi-project | 1 Glpi | 2018-04-11 | 6.0 MEDIUM | 7.5 HIGH |
| A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php. | |||||
| CVE-2017-11082 | 1 Google | 1 Android | 2018-04-05 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentially occur if multiple user space threads try to update the WLAN firmware file through sysfs. | |||||
| CVE-2017-15834 | 1 Google | 1 Android | 2018-04-04 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow. | |||||
| CVE-2018-3561 | 1 Google | 1 Android | 2018-04-04 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition. | |||||
| CVE-2017-17712 | 1 Linux | 1 Linux Kernel | 2018-04-04 | 6.9 MEDIUM | 7.0 HIGH |
| The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges. | |||||
| CVE-2017-6296 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2018-03-27 | 4.4 MEDIUM | 7.0 HIGH |
| NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate. | |||||
| CVE-2018-7998 | 2 Debian, Libvips Project | 2 Debian Linux, Libvips | 2018-03-27 | 5.1 MEDIUM | 7.5 HIGH |
| In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads. | |||||
| CVE-2018-7249 | 2 Microsoft, Tivo | 5 Windows 7, Windows 8, Windows 8.1 and 2 more | 2018-03-22 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel. | |||||
| CVE-2017-15829 | 1 Google | 1 Android | 2018-03-12 | 6.9 MEDIUM | 7.0 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition. | |||||
| CVE-2015-1862 | 1 Abrt Project | 1 Abrt | 2018-03-08 | 6.9 MEDIUM | 7.0 HIGH |
| The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment. | |||||
| CVE-2017-1000405 | 1 Linux | 1 Linux Kernel | 2018-02-13 | 6.9 MEDIUM | 7.0 HIGH |
| The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp. | |||||
| CVE-2017-1000503 | 1 Jenkins | 1 Jenkins | 2018-02-12 | 6.8 MEDIUM | 8.1 HIGH |
| A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default. | |||||
| CVE-2017-3158 | 1 Apache | 1 Guacamole | 2018-02-05 | 6.8 MEDIUM | 8.1 HIGH |
| A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer. | |||||
| CVE-2017-13183 | 1 Google | 1 Android | 2018-02-02 | 6.2 MEDIUM | 7.0 HIGH |
| In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127. | |||||
| CVE-2017-7326 | 1 Yandex | 1 Yandex Browser | 2018-02-01 | 5.1 MEDIUM | 7.5 HIGH |
| Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page | |||||
| CVE-2014-4995 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2018-01-30 | 1.9 LOW | 7.0 HIGH |
| Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed. | |||||
| CVE-2017-15847 | 1 Google | 1 Android | 2018-01-26 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel. | |||||
| CVE-2017-6167 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2018-01-09 | 8.5 HIGH | 7.5 HIGH |
| In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected. | |||||
| CVE-2016-9794 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 7.2 HIGH | 7.8 HIGH |
| Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. | |||||
| CVE-2017-2636 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 7.2 HIGH | 7.8 HIGH |
| Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | |||||
| CVE-2017-7533 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions. | |||||
| CVE-2016-9806 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 7.2 HIGH | 7.8 HIGH |
| Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. | |||||
| CVE-2016-10200 | 2 Google, Linux | 2 Android, Linux Kernel | 2018-01-05 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. | |||||
| CVE-2016-2069 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2018-01-05 | 4.4 MEDIUM | 7.4 HIGH |
| Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. | |||||
| CVE-2017-11049 | 1 Google | 1 Android | 2017-12-19 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a video driver, a race condition exists which can potentially lead to a buffer overflow. | |||||
| CVE-2017-11045 | 1 Google | 1 Android | 2017-12-19 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free condition. | |||||
| CVE-2017-11044 | 1 Google | 1 Android | 2017-12-19 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free condition. | |||||
| CVE-2017-14902 | 1 Google | 1 Android | 2017-12-15 | 6.9 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur. | |||||
| CVE-2017-9703 | 1 Google | 1 Android | 2017-12-15 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition. | |||||
| CVE-2017-9708 | 1 Google | 1 Android | 2017-12-15 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a race condition can occur in variable "*reg_ptr" of sub function "msm_camera_config_single_vreg". | |||||
| CVE-2017-9718 | 1 Google | 1 Android | 2017-12-15 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite. | |||||
| CVE-2017-11025 | 1 Google | 1 Android | 2017-11-30 | 4.4 MEDIUM | 7.0 HIGH |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur. | |||||
| CVE-2015-8239 | 1 Sudo Project | 1 Sudo | 2017-11-05 | 6.9 MEDIUM | 7.0 HIGH |
| The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. | |||||
| CVE-2017-10914 | 1 Xen | 1 Xen | 2017-11-04 | 6.8 MEDIUM | 8.1 HIGH |
| The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2. | |||||
| CVE-2017-6346 | 1 Linux | 1 Linux Kernel | 2017-11-04 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls. | |||||
| CVE-2017-2533 | 1 Apple | 1 Mac Os X | 2017-10-25 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2017-9697 | 1 Google | 1 Android | 2017-10-19 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table. | |||||
| CVE-2017-15037 | 1 Freebsd | 1 Freebsd | 2017-10-13 | 6.8 MEDIUM | 8.1 HIGH |
| In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character. | |||||
| CVE-2017-0161 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2017-09-21 | 6.8 MEDIUM | 8.1 HIGH |
| The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability". | |||||
| CVE-2015-5948 | 1 Salesagility | 1 Suitecrm | 2017-09-09 | 9.3 HIGH | 8.1 HIGH |
| Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. | |||||
| CVE-2016-7098 | 1 Gnu | 1 Wget | 2017-09-03 | 6.8 MEDIUM | 8.1 HIGH |
| Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. | |||||
| CVE-2015-1325 | 1 Canonical | 1 Ubuntu Linux | 2017-08-30 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges. | |||||
| CVE-2017-9685 | 1 Google | 1 Android | 2017-08-27 | 9.3 HIGH | 8.1 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. | |||||
| CVE-2017-8262 | 1 Google | 1 Android | 2017-08-23 | 7.6 HIGH | 7.0 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. | |||||
| CVE-2016-10383 | 1 Google | 1 Android | 2017-08-23 | 9.3 HIGH | 8.1 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. | |||||