Total
1938 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14329 | 1 Htslib | 1 Htslib | 2024-11-21 | 4.7 Medium |
| In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. | ||||
| CVE-2018-13909 | 1 Qualcomm | 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more | 2024-11-21 | N/A |
| Metadata verification and partial hash system calls by bootloader may corrupt parallel hashing state in progress resulting in unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | ||||
| CVE-2018-13903 | 1 Qualcomm | 22 Apq8053, Apq8053 Firmware, Mdm9205 and 19 more | 2024-11-21 | 8.1 High |
| u'Error in UE due to race condition in EPCO handling' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9205, MDM9206, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, SDM450, SM8150 | ||||
| CVE-2018-12691 | 1 Onosproject | 1 Onos | 2024-11-21 | N/A |
| Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. | ||||
| CVE-2018-12633 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage. | ||||
| CVE-2018-12232 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
| In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash. | ||||
| CVE-2018-12029 | 2 Debian, Phusion | 2 Debian Linux, Passenger | 2024-11-21 | N/A |
| A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation. | ||||
| CVE-2018-11998 | 1 Qualcomm | 30 Mdm9206, Mdm9206 Firmware, Mdm9607 and 27 more | 2024-11-21 | N/A |
| While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016 | ||||
| CVE-2018-11818 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition. | ||||
| CVE-2018-11324 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. | ||||
| CVE-2018-10850 | 3 Debian, Fedoraproject, Redhat | 9 Debian Linux, 389 Directory Server, Enterprise Linux and 6 more | 2024-11-21 | N/A |
| 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. | ||||
| CVE-2018-1000004 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more | 2024-11-21 | N/A |
| In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. | ||||
| CVE-2018-0492 | 2 Beep Project, Debian | 2 Beep, Debian Linux | 2024-11-21 | N/A |
| Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. | ||||
| CVE-2017-9691 | 1 Google | 1 Android | 2024-11-21 | N/A |
| There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver. | ||||
| CVE-2017-7543 | 2 Openstack, Redhat | 3 Neutron, Enterprise Linux, Openstack | 2024-11-21 | N/A |
| A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. | ||||
| CVE-2017-7326 | 1 Yandex | 1 Yandex Browser | 2024-11-21 | N/A |
| Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page | ||||
| CVE-2017-7151 | 2 Apple, Microsoft | 6 Iphone Os, Itunes, Mac Os X and 3 more | 2024-11-21 | N/A |
| A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4. | ||||
| CVE-2017-7004 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app. | ||||
| CVE-2017-6296 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2024-11-21 | N/A |
| NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate. | ||||
| CVE-2017-5427 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52. | ||||