Filtered by CWE-362
Total 1978 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-3111 2 Pulpproject, Redhat 3 Pulp, Satellite, Satellite Capsule 2025-04-20 N/A
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.
CVE-2015-8239 1 Sudo Project 1 Sudo 2025-04-20 N/A
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
CVE-2017-7533 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more 2025-04-20 7.0 High
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
CVE-2015-5948 1 Salesagility 1 Suitecrm 2025-04-20 N/A
Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.
CVE-2015-5947 1 Salesagility 1 Suitecrm 2025-04-20 8.1 High
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.
CVE-2015-5232 1 Cornelisnetworks 2 Opa-ff, Opa-fm 2025-04-20 8.1 High
Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.
CVE-2016-10027 2 Fedoraproject, Igniterealtime 2 Fedora, Smack 2025-04-20 5.9 Medium
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
CVE-2016-9381 2 Citrix, Qemu 2 Xenserver, Qemu 2025-04-20 7.5 High
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
CVE-2014-9966 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display.
CVE-2014-9936 1 Google 1 Android 2025-04-20 N/A
In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel.
CVE-2014-9914 2 Google, Linux 2 Android, Linux Kernel 2025-04-20 7.8 High
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.
CVE-2017-11353 1 Yadm Project 1 Yadm 2025-04-20 N/A
yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys.
CVE-2015-1865 1 Gnu 1 Coreutils 2025-04-20 N/A
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
CVE-2015-1325 1 Canonical 1 Ubuntu Linux 2025-04-20 N/A
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges.
CVE-2014-9941 1 Google 1 Android 2025-04-20 N/A
In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.
CVE-2017-0727 1 Google 1 Android 2025-04-20 N/A
A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.
CVE-2016-10200 3 Google, Linux, Redhat 6 Android, Linux Kernel, Enterprise Linux and 3 more 2025-04-20 7.0 High
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
CVE-2017-9718 1 Google 1 Android 2025-04-20 N/A
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite.
CVE-2017-9697 1 Google 1 Android 2025-04-20 N/A
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table.
CVE-2017-9685 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.