Total
1660 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-13905 | 1 Apple | 5 Iphone Os, Mac Os X, Macos and 2 more | 2024-08-05 | 8.1 High |
A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges. | ||||
CVE-2017-12410 | 1 Kaseya | 1 Virtual System Administrator | 2024-08-05 | N/A |
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arbitrary programs with "NT AUTHORITY\SYSTEM" privileges. | ||||
CVE-2017-12136 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2024-08-05 | N/A |
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | ||||
CVE-2017-12146 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-05 | 7.0 High |
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides. | ||||
CVE-2017-11353 | 1 Yadm Project | 1 Yadm | 2024-08-05 | N/A |
yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys. | ||||
CVE-2017-10914 | 1 Xen | 1 Xen | 2024-08-05 | N/A |
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2. | ||||
CVE-2017-10913 | 1 Xen | 1 Xen | 2024-08-05 | N/A |
The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1. | ||||
CVE-2017-10915 | 1 Xen | 1 Xen | 2024-08-05 | N/A |
The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. | ||||
CVE-2017-10661 | 3 Debian, Linux, Redhat | 12 Debian Linux, Linux Kernel, Enterprise Linux and 9 more | 2024-08-05 | 7.0 High |
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. | ||||
CVE-2017-9676 | 1 Google | 1 Android | 2024-08-05 | N/A |
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock. | ||||
CVE-2017-9677 | 1 Google | 1 Android | 2024-08-05 | N/A |
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur. | ||||
CVE-2017-8342 | 1 Radicale | 1 Radicale | 2024-08-05 | N/A |
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. | ||||
CVE-2017-8281 | 1 Google | 1 Android | 2024-08-05 | N/A |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. | ||||
CVE-2017-8280 | 1 Google | 1 Android | 2024-08-05 | N/A |
In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch. | ||||
CVE-2017-8242 | 1 Google | 1 Android | 2024-08-05 | N/A |
In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. | ||||
CVE-2017-8244 | 1 Google | 1 Android | 2024-08-05 | 7.0 High |
In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). | ||||
CVE-2017-7543 | 2 Openstack, Redhat | 3 Neutron, Enterprise Linux, Openstack | 2024-08-05 | N/A |
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. | ||||
CVE-2017-7533 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more | 2024-08-05 | 7.0 High |
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions. | ||||
CVE-2017-7372 | 1 Google | 1 Android | 2024-08-05 | N/A |
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. | ||||
CVE-2017-7368 | 1 Google | 1 Android | 2024-08-05 | N/A |
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. |