Skip to main content

Race Condition

1817 CVEs technique

Monthly

CVE-2017-7115 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Race Condition Apple +2
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
8.0%
CVE-2017-15649 HIGH POC PATCH This Week

net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-15588 HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. Rated high severity (CVSS 7.8).

RCE Race Condition Xen
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-15265 HIGH PATCH This Week

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2017-11823 MEDIUM POC PATCH This Month

The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Race Condition Microsoft Authentication Bypass Windows 10 Windows Server 2016
NVD Exploit-DB
CVSS 3.0
6.7
EPSS
3.4%
CVE-2017-9697 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command. Rated high severity (CVSS 7.0). No vendor patch available.

Linux Google Race Condition Information Disclosure Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2015-8239 HIGH PATCH This Week

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Sudo
NVD
CVSS 3.0
7.0
EPSS
0.9%
CVE-2017-15038 MEDIUM PATCH This Month

Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to. Rated medium severity (CVSS 5.6).

Race Condition Information Disclosure Qemu
NVD
CVSS 3.0
5.6
EPSS
0.0%
CVE-2017-1000112 HIGH POC PATCH THREAT Act Now

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. Rated high severity (CVSS 7.0). Public exploit code available and EPSS exploitation probability 82.9%.

Buffer Overflow Race Condition Linux Linux Kernel
NVD GitHub Exploit-DB
CVSS 3.1
7.0
EPSS
82.9%
Threat
5.4
CVE-2017-14748 MEDIUM This Month

Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Overwatch
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2015-1865 MEDIUM This Month

fts.c in coreutils 8.4 allows local users to delete arbitrary files. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Race Condition Information Disclosure Coreutils
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2017-14483 MEDIUM This Month

flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Python Information Disclosure Dev Python Flower
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-7553 MEDIUM This Month

Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Linux Red Hat Enterprise Linux +2
NVD
CVSS 3.0
4.7
EPSS
0.0%
CVE-2017-0161 HIGH PATCH Act Now

The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.8%.

RCE Race Condition Microsoft Windows 10 Windows 7 +5
NVD
CVSS 3.0
8.1
EPSS
16.8%
CVE-2017-14317 MEDIUM PATCH This Month

A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. Rated medium severity (CVSS 5.6).

Denial Of Service Race Condition Xen
NVD
CVSS 3.0
5.6
EPSS
0.1%
CVE-2017-0794 HIGH This Week

A elevation of privilege vulnerability in the Upstream kernel scsi driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12146 HIGH PATCH This Week

The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a. Rated high severity (CVSS 7.0).

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2015-5948 HIGH POC PATCH This Week

Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Race Condition Suitecrm
NVD GitHub
CVSS 3.0
8.1
EPSS
2.8%
CVE-2015-5947 HIGH POC This Week

SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Suitecrm
NVD GitHub
CVSS 3.1
8.1
EPSS
4.8%
CVE-2015-1325 HIGH POC PATCH This Week

Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and. Rated high severity (CVSS 7.0). Public exploit code available.

Ubuntu Race Condition Information Disclosure Ubuntu Linux
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
0.4%
CVE-2017-12136 HIGH PATCH This Week

Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the. Rated high severity (CVSS 7.8).

Denial Of Service Race Condition Xen Xenserver Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9685 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Linux Google Qualcomm Race Condition +1
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2017-9684 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Linux Google Qualcomm Race Condition +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8270 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8266 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8265 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8262 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Denial Of Service Linux Google Qualcomm Race Condition +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8257 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-10383 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2017-0727 HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (libgui). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Race Condition Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7533 HIGH POC PATCH This Week

Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that. Rated high severity (CVSS 7.0). Public exploit code available.

Buffer Overflow Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub Exploit-DB
CVSS 3.1
7.0
EPSS
9.4%
CVE-2015-7891 HIGH POC This Week

Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Google Samsung Information Disclosure Samsung Mobile
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
0.2%
CVE-2015-5191 MEDIUM This Month

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Rated medium severity (CVSS 6.7). No vendor patch available.

Race Condition VMware Privilege Escalation Tools
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2015-7543 HIGH POC This Week

aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Arts Kdelibs
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-11353 MEDIUM PATCH This Month

yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Yadm
NVD GitHub
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-4984 MEDIUM This Month

/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Openldap Servers
NVD
CVSS 3.0
4.7
EPSS
0.0%
CVE-2016-4982 MEDIUM This Month

authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Authd
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-0764 MEDIUM This Month

Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Red Hat Information Disclosure Networkmanager
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2014-7953 HIGH This Week

Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Race Condition Google Android
NVD
CVSS 3.0
7.0
EPSS
1.4%
CVE-2017-10915 CRITICAL Act Now

The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Xen
NVD
CVSS 3.0
9.0
EPSS
0.5%
CVE-2017-10914 HIGH This Week

The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Race Condition Xen
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2017-8242 MEDIUM PATCH This Month

In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-7368 HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2015-9022 HIGH This Week

In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2014-9966 HIGH This Week

In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2015-5232 HIGH PATCH This Week

Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Opa Ff Opa Fm
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2016-10297 HIGH PATCH This Week

In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2014-9941 HIGH PATCH This Week

In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-1000367 MEDIUM POC THREAT This Month

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. Rated medium severity (CVSS 6.4). Public exploit code available and EPSS exploitation probability 19.9%.

Race Condition Information Disclosure Sudo
NVD Exploit-DB
CVSS 3.0
6.4
EPSS
19.9%
CVE-2017-6512 MEDIUM This Month

Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2017-6979 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Apple Iphone Os Mac Os X +2
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
2.3%
CVE-2017-2533 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Apple Mac Os X
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
2.3%
CVE-2017-2501 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Apple Iphone Os Mac Os X +2
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
2.1%
CVE-2016-10242 HIGH PATCH This Week

A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2015-8997 HIGH PATCH This Week

In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2015-8996 HIGH PATCH This Week

In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2014-9936 HIGH PATCH This Week

In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-8244 HIGH This Week

In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Race Condition Google Linux Android
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2017-0343 HIGH This Week

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service Race Condition Microsoft Nvidia Gpu Driver
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-9256 HIGH This Week

In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager +7
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-8342 PyPI HIGH POC PATCH This Week

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Information Disclosure Radicale
NVD GitHub
CVSS 3.0
8.1
EPSS
0.7%
CVE-2017-5035 HIGH This Week

Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft Information Disclosure Chrome +4
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2016-3106 MEDIUM PATCH This Month

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Information Disclosure Pulp
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-0462 HIGH This Week

An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Qualcomm RCE Race Condition Google Linux Kernel
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2017-7572 HIGH This Week

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Backintime
NVD GitHub
CVSS 3.0
8.1
EPSS
0.6%
CVE-2017-2478 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Apple Iphone Os Mac Os X +2
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
3.5%
CVE-2017-2456 HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Apple Iphone Os Mac Os X +2
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
5.5%
CVE-2017-2421 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Race Condition Apple Mac Os X
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8556 CRITICAL POC THREAT Emergency

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.2%.

Race Condition Privilege Escalation Qemu
NVD Exploit-DB
CVSS 3.0
10.0
EPSS
21.2%
Threat
4.1
CVE-2017-6874 HIGH PATCH This Week

Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2017-2636 HIGH PATCH This Week

Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2017-6408 HIGH This Week

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Netbackup Netbackup Appliance
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-6346 HIGH PATCH This Week

Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2017-6001 HIGH PATCH This Week

Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2017-5986 MEDIUM PATCH This Month

Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2014-9914 HIGH PATCH This Week

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel Android
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-9962 Go MEDIUM PATCH This Month

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. Rated medium severity (CVSS 6.4).

Race Condition Information Disclosure Docker
NVD GitHub
CVSS 3.0
6.4
EPSS
0.1%
CVE-2016-9381 HIGH This Week

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Race Condition Information Disclosure Qemu Xenserver
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2016-10027 Maven MEDIUM PATCH This Month

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Authentication Bypass Smack Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2016-9806 HIGH PATCH This Week

Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-9794 HIGH PATCH This Week

Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-6663 HIGH POC PATCH This Week

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Information Disclosure Oracle MySQL Percona Server +2
NVD GitHub Exploit-DB
CVSS 3.0
7.0
EPSS
3.4%
CVE-2016-8655 HIGH POC PATCH THREAT Act Now

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 34.9%.

Denial Of Service Race Condition Linux Linux Kernel Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
34.9%
Threat
4.1
CVE-2016-7916 MEDIUM PATCH This Month

Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-7911 HIGH PATCH This Week

Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2015-8963 HIGH PATCH This Week

Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2016-5195 HIGH POC KEV PATCH THREAT Act Now

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Race Condition Linux
NVD GitHub Exploit-DB
CVSS 3.1
7.0
EPSS
94.2%
Threat
7.2
CVE-2016-3914 HIGH PATCH This Week

Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Race Condition Google Information Disclosure Java Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-0572 HIGH PATCH This Week

Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Google Linux Qualcomm +1
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2016-7777 MEDIUM PATCH This Month

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks. Rated medium severity (CVSS 6.3).

Race Condition Information Disclosure Xen
NVD
CVSS 3.0
6.3
EPSS
0.1%
EPSS 8% CVSS 8.1
HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE +4
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Race Condition Linux Information Disclosure +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. Rated high severity (CVSS 7.8).

RCE Race Condition Xen
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 3% CVSS 6.7
MEDIUM POC PATCH This Month

The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Race Condition Microsoft Authentication Bypass +2
NVD Exploit-DB
EPSS 0% CVSS 7.0
HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command. Rated high severity (CVSS 7.0). No vendor patch available.

Linux Google Race Condition +3
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Sudo
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to. Rated medium severity (CVSS 5.6).

Race Condition Information Disclosure Qemu
NVD
EPSS 83% 5.4 CVSS 7.0
HIGH POC PATCH THREAT Act Now

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. Rated high severity (CVSS 7.0). Public exploit code available and EPSS exploitation probability 82.9%.

Buffer Overflow Race Condition Linux +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.3
MEDIUM This Month

Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Overwatch
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

fts.c in coreutils 8.4 allows local users to delete arbitrary files. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Race Condition Information Disclosure Coreutils
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Python Information Disclosure +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Linux +4
NVD
EPSS 17% CVSS 8.1
HIGH PATCH Act Now

The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.8%.

RCE Race Condition Microsoft +7
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. Rated medium severity (CVSS 5.6).

Denial Of Service Race Condition Xen
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the Upstream kernel scsi driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a. Rated high severity (CVSS 7.0).

Race Condition Linux Information Disclosure +1
NVD GitHub
EPSS 3% CVSS 8.1
HIGH POC PATCH This Week

Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Race Condition Suitecrm
NVD GitHub
EPSS 5% CVSS 8.1
HIGH POC This Week

SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Suitecrm
NVD GitHub
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and. Rated high severity (CVSS 7.0). Public exploit code available.

Ubuntu Race Condition Information Disclosure +1
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the. Rated high severity (CVSS 7.8).

Denial Of Service Race Condition Xen +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Google Qualcomm +3
NVD
EPSS 0% CVSS 8.1
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Linux Google Qualcomm +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A elevation of privilege vulnerability in the Android media framework (libgui). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Race Condition Google Information Disclosure +1
NVD
EPSS 9% CVSS 7.0
HIGH POC PATCH This Week

Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that. Rated high severity (CVSS 7.0). Public exploit code available.

Buffer Overflow Denial Of Service Race Condition +2
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.0
HIGH POC This Week

Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Google Samsung +2
NVD Exploit-DB
EPSS 0% CVSS 6.7
MEDIUM This Month

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Rated medium severity (CVSS 6.7). No vendor patch available.

Race Condition VMware Privilege Escalation +1
NVD
EPSS 0% CVSS 7.0
HIGH POC This Week

aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Arts +1
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Yadm
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Openldap Servers
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Authd
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Red Hat Information Disclosure +1
NVD
EPSS 1% CVSS 7.0
HIGH This Week

Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Race Condition Google +1
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Xen
NVD
EPSS 1% CVSS 8.1
HIGH This Week

The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Race Condition Xen
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Google Linux +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Google Linux +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Google Linux +2
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Opa Ff +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux +2
NVD
EPSS 20% CVSS 6.4
MEDIUM POC THREAT This Month

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. Rated medium severity (CVSS 6.4). Public exploit code available and EPSS exploitation probability 19.9%.

Race Condition Information Disclosure Sudo
NVD Exploit-DB
EPSS 1% CVSS 5.9
MEDIUM This Month

Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Ubuntu Linux +1
NVD
EPSS 2% CVSS 7.0
HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Apple +4
NVD Exploit-DB
EPSS 2% CVSS 7.0
HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Apple +1
NVD Exploit-DB
EPSS 2% CVSS 7.0
HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Apple +4
NVD Exploit-DB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Google Linux +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Race Condition Google +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service Race Condition Microsoft +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Big Ip Local Traffic Manager +9
NVD
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Information Disclosure Radicale
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft +6
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Information Disclosure Pulp
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Qualcomm RCE Race Condition +2
NVD
EPSS 1% CVSS 8.1
HIGH This Week

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Backintime
NVD GitHub
EPSS 3% CVSS 7.0
HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Apple +4
NVD Exploit-DB
EPSS 5% CVSS 7.0
HIGH POC This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Apple +4
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Race Condition Apple +1
NVD
EPSS 21% 4.1 CVSS 10.0
CRITICAL POC THREAT Emergency

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.2%.

Race Condition Privilege Escalation Qemu
NVD Exploit-DB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 1% CVSS 7.0
HIGH PATCH This Week

Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Netbackup +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Race Condition Linux Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux +2
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. Rated medium severity (CVSS 6.4).

Race Condition Information Disclosure Docker
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Race Condition Information Disclosure Qemu +1
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Authentication Bypass Smack +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 3% CVSS 7.0
HIGH POC PATCH This Week

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Information Disclosure Oracle +4
NVD GitHub Exploit-DB
EPSS 35% 4.1 CVSS 7.8
HIGH POC PATCH THREAT Act Now

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 34.9%.

Denial Of Service Race Condition Linux +2
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Race Condition Linux +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 94% 7.2 CVSS 7.0
HIGH POC KEV PATCH THREAT Act Now

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Race Condition Linux
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Race Condition Google Information Disclosure +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Google +3
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks. Rated medium severity (CVSS 6.3).

Race Condition Information Disclosure Xen
NVD
Prev Page 18 of 21 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy