Search
Total
1179 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1325 | 1 Canonical | 1 Ubuntu Linux | 2017-08-30 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges. | |||||
| CVE-2014-4813 | 2 Ibm, Linux | 2 Tivoli Storage Manager, Linux Kernel | 2017-08-29 | 6.9 MEDIUM | N/A |
| Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors. | |||||
| CVE-2014-4438 | 1 Apple | 1 Mac Os X | 2017-08-29 | 6.9 MEDIUM | N/A |
| Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. | |||||
| CVE-2014-4353 | 1 Apple | 1 Iphone Os | 2017-08-29 | 4.3 MEDIUM | N/A |
| Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. | |||||
| CVE-2014-1921 | 1 Parcimonie Project | 1 Parcimonie | 2017-08-29 | 7.5 HIGH | N/A |
| parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors. | |||||
| CVE-2014-4386 | 1 Apple | 1 Iphone Os | 2017-08-29 | 1.9 LOW | N/A |
| Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. | |||||
| CVE-2012-2737 | 1 Ray Stode | 1 Accountsservice | 2017-08-29 | 1.9 LOW | N/A |
| The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition. | |||||
| CVE-2012-3500 | 2 Devscripts Devel Team, Fedora | 2 Devscripts, Rpmdevtools | 2017-08-29 | 1.2 LOW | N/A |
| scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file. | |||||
| CVE-2017-9685 | 1 Google | 1 Android | 2017-08-27 | 9.3 HIGH | 8.1 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. | |||||
| CVE-2017-8262 | 1 Google | 1 Android | 2017-08-23 | 7.6 HIGH | 7.0 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. | |||||
| CVE-2016-10383 | 1 Google | 1 Android | 2017-08-23 | 9.3 HIGH | 8.1 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. | |||||
| CVE-2017-8265 | 1 Google | 1 Android | 2017-08-22 | 5.1 MEDIUM | 7.0 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. | |||||
| CVE-2017-8266 | 1 Google | 1 Android | 2017-08-22 | 5.1 MEDIUM | 7.0 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. | |||||
| CVE-2017-8270 | 1 Google | 1 Android | 2017-08-22 | 5.1 MEDIUM | 7.0 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. | |||||
| CVE-2017-8267 | 1 Google | 1 Android | 2017-08-22 | 7.6 HIGH | 7.0 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. | |||||
| CVE-2017-9684 | 1 Google | 1 Android | 2017-08-22 | 7.6 HIGH | 7.0 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. | |||||
| CVE-2017-9682 | 1 Google | 1 Android | 2017-08-22 | 2.6 LOW | 4.7 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. | |||||
| CVE-2011-0990 | 2 Mono, Novell | 2 Mono, Moonlight | 2017-08-17 | 5.8 MEDIUM | N/A |
| Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action. | |||||
| CVE-2010-1775 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2017-08-17 | 1.9 LOW | N/A |
| Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. | |||||
| CVE-2009-4129 | 1 Mozilla | 1 Firefox | 2017-08-17 | 5.8 MEDIUM | N/A |
| Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain. | |||||
| CVE-2009-4226 | 1 Sun | 1 Opensolaris | 2017-08-17 | 7.1 HIGH | N/A |
| Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function. | |||||
| CVE-2009-2794 | 1 Apple | 1 Iphone Os | 2017-08-17 | 4.6 MEDIUM | N/A |
| The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value. | |||||
| CVE-2009-1215 | 1 Gnu | 1 Gnu Screen | 2017-08-17 | 1.9 LOW | N/A |
| Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. | |||||
| CVE-2008-6598 | 1 Sangoma | 1 Wanpipe | 2017-08-17 | 10.0 HIGH | N/A |
| Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic." | |||||
| CVE-2016-4982 | 1 Teether | 1 Authd | 2017-08-09 | 1.9 LOW | 4.7 MEDIUM |
| authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. | |||||
| CVE-2015-5191 | 2 Linux, Vmware | 2 Linux Kernel, Tools | 2017-08-08 | 3.7 LOW | 6.7 MEDIUM |
| VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | |||||
| CVE-2008-4392 | 1 D.j.bernstein | 1 Djbdns | 2017-08-08 | 6.4 MEDIUM | N/A |
| dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query. | |||||
| CVE-2008-3646 | 1 Apple | 1 Mac Os X | 2017-08-08 | 6.8 MEDIUM | N/A |
| The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users. | |||||
| CVE-2008-2958 | 1 Checkinstall | 1 Checkinstall | 2017-08-08 | 4.4 MEDIUM | N/A |
| Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories. | |||||
| CVE-2008-2311 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.6 HIGH | N/A |
| Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. | |||||
| CVE-2008-1570 | 1 Policyd-weight | 1 Policyd-weight | 2017-08-08 | 6.9 MEDIUM | N/A |
| Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569. | |||||
| CVE-2008-0059 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.8 MEDIUM | N/A |
| Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." | |||||
| CVE-2008-0058 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.8 MEDIUM | N/A |
| Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. | |||||
| CVE-2008-0055 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.2 HIGH | N/A |
| Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. | |||||
| CVE-2015-7891 | 1 Samsung | 1 Samsung Mobile | 2017-08-04 | 4.4 MEDIUM | 7.0 HIGH |
| Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. | |||||
| CVE-2015-7543 | 2 Artsproject, Kde | 2 Arts, Kdelibs | 2017-07-31 | 4.4 MEDIUM | 7.0 HIGH |
| aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. | |||||
| CVE-2007-6180 | 1 Sun | 1 Solaris | 2017-07-29 | 7.6 HIGH | N/A |
| Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors. | |||||
| CVE-2007-5847 | 1 Apple | 1 Mac Os X | 2017-07-29 | 6.6 MEDIUM | N/A |
| Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. | |||||
| CVE-2007-5154 | 1 Aimluck | 2 Aipo, Aipo Asp | 2017-07-29 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2007-1741 | 1 Apache | 1 Http Server | 2017-07-29 | 6.2 MEDIUM | N/A |
| Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." | |||||
| CVE-2007-1249 | 1 Contelligent | 1 C1 Financial Services | 2017-07-29 | 6.8 MEDIUM | N/A |
| MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components. | |||||
| CVE-2004-2697 | 1 Ibm | 1 Aix | 2017-07-29 | 6.9 MEDIUM | N/A |
| The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002. | |||||
| CVE-2003-1438 | 1 Bea | 1 Weblogic Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user. | |||||
| CVE-2004-2698 | 1 Imwheel | 1 Imwheel | 2017-07-29 | 6.9 MEDIUM | N/A |
| Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file. | |||||
| CVE-2002-2244 | 1 Akfingerd | 1 Akfingerd | 2017-07-29 | 2.1 LOW | N/A |
| Akfingerd 0.5 and earlier versions allow local users to cause a denial of service (crash) via a .plan with a symlink to /dev/urandom or other device, then disconnecting while data is being transferred, which causes a SIGPIPE error that Akfingerd cannot handle. | |||||
| CVE-2017-11353 | 1 Yadm Project | 1 Yadm | 2017-07-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys. | |||||
| CVE-2014-9914 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.2 HIGH | 7.8 HIGH |
| Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. | |||||
| CVE-2017-2421 | 1 Apple | 1 Mac Os X | 2017-07-12 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleGraphicsPowerManagement" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2015-8996 | 1 Google | 1 Android | 2017-07-11 | 7.6 HIGH | 7.0 HIGH |
| In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. | |||||
| CVE-2014-9936 | 1 Google | 1 Android | 2017-07-11 | 7.6 HIGH | 7.0 HIGH |
| In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel. | |||||