Skip to main content

Race Condition

1817 CVEs technique

Monthly

CVE-2016-7098 HIGH POC This Week

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Authentication Bypass Wget
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
6.7%
CVE-2016-0930 CRITICAL Act Now

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Operations Manager
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-6480 MEDIUM This Month

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Race Condition Linux Linux Kernel
NVD
CVSS 3.0
5.1
EPSS
0.1%
CVE-2016-6156 MEDIUM PATCH This Month

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Google Linux Linux Kernel +1
NVD GitHub
CVSS 3.0
5.1
EPSS
0.0%
CVE-2016-6136 MEDIUM PATCH This Month

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call. Rated medium severity (CVSS 4.7).

Race Condition Linux Authentication Bypass Linux Kernel
NVD GitHub
CVSS 3.0
4.7
EPSS
0.0%
CVE-2016-4583 LOW Monitor

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Apple Authentication Bypass Webkit Webkitgtk
NVD
CVSS 3.0
3.1
EPSS
0.4%
CVE-2016-4247 MEDIUM PATCH This Month

Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Adobe Race Condition Information Disclosure Microsoft Flash Player Desktop Runtime +1
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2016-4955 MEDIUM PATCH This Month

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Ntp Solaris Manager Proxy +7
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2016-4954 HIGH PATCH This Week

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Denial Of Service Ntp Solaris Manager +9
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2016-6130 MEDIUM PATCH This Month

Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a. Rated medium severity (CVSS 4.7).

Information Disclosure Race Condition Linux Debian Linux Linux Kernel
NVD GitHub
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-4309 HIGH POC THREAT Act Now

Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 19.1%.

Race Condition Information Disclosure Symphony
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
19.1%
CVE-2016-1807 MEDIUM POC This Month

Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Race Condition Apple Information Disclosure Mac Os X Watchos +2
NVD Exploit-DB
CVSS 3.0
5.1
EPSS
0.1%
CVE-2016-1670 MEDIUM This Month

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Google Information Disclosure Chrome Opensuse +1
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2015-8839 MEDIUM This Month

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Race Condition Linux Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2015-4170 MEDIUM PATCH This Month

Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux Linux Kernel Enterprise Linux Compute Node Eus +4
NVD GitHub
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-2812 HIGH This Week

Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Mozilla Buffer Overflow RCE +1
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-2547 MEDIUM PATCH This Month

sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition,. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.1
EPSS
0.1%
CVE-2016-2546 MEDIUM PATCH This Month

sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.1
EPSS
0.1%
CVE-2016-2545 MEDIUM PATCH This Month

The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.1
EPSS
0.1%
CVE-2016-2544 MEDIUM PATCH This Month

Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.1
EPSS
0.1%
CVE-2016-2069 HIGH PATCH This Week

Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. Rated high severity (CVSS 7.4), this vulnerability is no authentication required.

Information Disclosure Race Condition Linux Ubuntu Linux Linux Kernel
NVD GitHub
CVSS 3.0
7.4
EPSS
0.1%
CVE-2016-0848 HIGH PATCH This Week

Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Race Condition Google Authentication Bypass Android
NVD
CVSS 3.0
8.4
EPSS
0.0%
CVE-2016-1267 MEDIUM This Month

Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before. Rated medium severity (CVSS 6.7). No vendor patch available.

Juniper Race Condition Information Disclosure Junos
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2016-1757 HIGH POC THREAT Act Now

Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and EPSS exploitation probability 58.5%.

Race Condition Apple RCE Iphone Os Mac Os X
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
58.5%
Threat
4.7
CVE-2016-1975 MEDIUM This Month

Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Mozilla Buffer Overflow Microsoft +2
NVD
CVSS 3.0
6.3
EPSS
0.6%
CVE-2015-8767 MEDIUM PATCH This Month

net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel Debian Linux +1
NVD GitHub
CVSS 3.0
6.2
EPSS
0.1%
CVE-2015-7550 MEDIUM This Month

The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8511 MEDIUM This Month

Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Mozilla Authentication Bypass Firefox Os
NVD
CVSS 3.0
6.4
EPSS
0.0%
CVE-2015-7990 MEDIUM This Month

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or. Rated medium severity (CVSS 5.8). No vendor patch available.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.8
EPSS
0.0%
CVE-2015-8461 HIGH Act Now

Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 14.7% and no vendor patch available.

Race Condition Denial Of Service Bind
NVD
CVSS 2.0
7.1
EPSS
14.7%
CVE-2015-6789 CRITICAL Act Now

Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Google Denial Of Service Chrome
NVD
CVSS 2.0
9.3
EPSS
1.6%
CVE-2015-6126 HIGH PATCH This Week

Race condition in the Pragmatic General Multicast (PGM) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Race Condition Denial Of Service Microsoft Windows 10 Windows 7 +7
NVD
CVSS 2.0
7.2
EPSS
0.6%
CVE-2015-3196 MEDIUM PATCH This Month

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Race Condition OpenSSL Icewall Sso Icewall Sso Agent Option +10
NVD
CVSS 2.0
4.3
EPSS
7.4%
CVE-2015-7312 MEDIUM POC This Month

Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service. Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

Denial Of Service Race Condition Linux Linux Kernel Ubuntu Linux +1
NVD
CVSS 2.0
4.4
EPSS
0.0%
CVE-2015-7820 HIGH This Week

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Race Condition Path Traversal Lenovo Switch Center +1
NVD
CVSS 2.0
7.1
EPSS
0.2%
CVE-2015-7817 HIGH This Week

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Race Condition Path Traversal Lenovo System Networking Switch Center +1
NVD
CVSS 2.0
7.1
EPSS
0.2%
CVE-2015-5240 PyPI LOW PATCH Monitor

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Race Condition Authentication Bypass Neutron
NVD VulDB
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-7613 MEDIUM POC This Month

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-6761 MEDIUM This Month

The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Google Buffer Overflow Ffmpeg +1
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2015-4510 MEDIUM This Month

Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Mozilla RCE Firefox
NVD
CVSS 2.0
6.8
EPSS
2.5%
CVE-2015-5189 MEDIUM This Month

Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Pacemaker Corosync Configuration System
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-3212 MEDIUM PATCH This Month

Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets,. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-5754 CRITICAL POC THREAT Emergency

Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.9%.

Race Condition Apple RCE Mac Os X
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
26.9%
Threat
4.2
CVE-2015-4481 LOW POC Monitor

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.

Race Condition Mozilla Information Disclosure Microsoft Firefox +2
NVD Exploit-DB
CVSS 2.0
3.3
EPSS
0.2%
CVE-2015-2418 MEDIUM PATCH This Month

Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka "MSRT Race Condition Vulnerability.". Rated medium severity (CVSS 6.9).

Race Condition Information Disclosure Microsoft Malicious Software Removal Tool
NVD
CVSS 2.0
6.9
EPSS
1.1%
CVE-2015-3709 MEDIUM PATCH This Month

Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. Rated medium severity (CVSS 6.9).

Race Condition Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-4199 HIGH This Week

Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2015-4203 MEDIUM This Month

Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS
NVD
CVSS 2.0
5.4
EPSS
0.7%
CVE-2015-1791 MEDIUM This Month

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 10.2% and no vendor patch available.

Denial Of Service Race Condition OpenSSL
NVD GitHub
CVSS 2.0
6.8
EPSS
10.2%
CVE-2015-3339 MEDIUM This Month

Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root. Rated medium severity (CVSS 6.2). No vendor patch available.

Information Disclosure Race Condition Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 2.0
6.2
EPSS
0.0%
CVE-2014-9710 MEDIUM PATCH This Month

The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL. Rated medium severity (CVSS 6.9).

Race Condition Linux Authentication Bypass Linux Kernel
NVD GitHub
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-2715 MEDIUM This Month

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Denial Of Service Mozilla Buffer Overflow RCE +2
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2015-3081 MEDIUM POC PATCH This Month

Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Adobe Race Condition Authentication Bypass Microsoft Flash Player +3
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
5.9%
CVE-2015-2234 MEDIUM This Month

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Information Disclosure Lenovo System Update
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-1882 HIGH PATCH This Week

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

IBM Race Condition RCE Java Websphere Application Server
NVD
CVSS 2.0
8.5
EPSS
2.2%
CVE-2015-2706 MEDIUM This Month

Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Mozilla RCE Firefox
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2015-1099 MEDIUM This Month

Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a. Rated medium severity (CVSS 4.0). No vendor patch available.

Race Condition Apple Denial Of Service Mac Os X Tvos +1
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2015-1234 MEDIUM This Month

Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Google Buffer Overflow Chrome
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-1420 LOW Monitor

Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Linux Authentication Bypass Debian Linux Linux Kernel
NVD
CVSS 2.0
1.9
EPSS
0.0%
CVE-2015-0654 HIGH This Week

Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Cisco Denial Of Service Intrusion Prevention System
NVD
CVSS 2.0
7.1
EPSS
0.3%
CVE-2015-0632 MEDIUM This Month

Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the. Rated medium severity (CVSS 5.7). No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS +1
NVD
CVSS 2.0
5.7
EPSS
0.2%
CVE-2015-0631 HIGH This Week

Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Cisco Denial Of Service Ips Sensor Software
NVD
CVSS 2.0
7.1
EPSS
0.4%
CVE-2015-0609 HIGH This Week

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2015-0245 LOW Monitor

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Denial Of Service Dbus Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-8122 Maven MEDIUM PATCH This Month

Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Race Condition Information Disclosure Jboss Weld
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-4813 MEDIUM PATCH This Month

Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1,. Rated medium severity (CVSS 6.9).

IBM Race Condition Information Disclosure Tivoli Storage Manager
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-0610 MEDIUM This Month

Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Race Condition Apple Cisco iOS
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0608 HIGH This Week

Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2014-5332 MEDIUM POC This Month

Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Nvidia Google Linux +2
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-1200 LOW Monitor

Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Authentication Bypass Pxz
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-8640 MEDIUM This Month

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Mozilla Denial Of Service Firefox Opensuse +1
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2014-9529 MEDIUM PATCH This Month

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly. Rated medium severity (CVSS 6.9).

Denial Of Service Race Condition Linux Buffer Overflow Linux Kernel +10
NVD GitHub
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-7170 LOW Monitor

Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Information Disclosure Puppet Server
NVD
CVSS 2.0
1.9
EPSS
0.0%
CVE-2014-9150 MEDIUM PATCH This Month

Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe Race Condition Authentication Bypass Microsoft Acrobat Reader +1
NVD
CVSS 2.0
6.4
EPSS
1.7%
CVE-2014-7842 MEDIUM PATCH This Month

Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-8005 MEDIUM This Month

Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Apple Denial Of Service Cisco Ios Xr
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-2667 LOW Monitor

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file. Rated low severity (CVSS 3.3). No vendor patch available.

Race Condition Python Authentication Bypass
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3611 MEDIUM PATCH This Month

Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS. Rated medium severity (CVSS 4.7).

Denial Of Service Race Condition Linux Linux Kernel Enterprise Linux +2
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2014-3406 HIGH This Week

Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Cisco Denial Of Service Intrusion Prevention System
NVD
CVSS 2.0
7.1
EPSS
0.3%
CVE-2014-4438 MEDIUM This Month

Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-8750 MEDIUM This Month

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Race Condition VMware Nova
NVD
CVSS 2.0
6.5
EPSS
0.9%
CVE-2014-8086 MEDIUM POC PATCH This Month

Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a. Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Race Condition Linux Linux Kernel Suse Linux Enterprise Server
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2014-3385 HIGH This Week

Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Cisco Denial Of Service Asa
NVD
CVSS 2.0
7.8
EPSS
0.3%
CVE-2014-7154 MEDIUM PATCH This Month

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Race Condition Denial Of Service Fedora Debian Linux Xen +1
NVD
CVSS 2.0
6.1
EPSS
0.7%
CVE-2012-5507 PyPI MEDIUM PATCH This Month

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Race Condition Information Disclosure Zope Plone
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4386 LOW Monitor

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.0%
CVE-2014-4353 MEDIUM This Month

Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-5033 MEDIUM POC This Month

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Race Condition Authentication Bypass Kde4Libs Ubuntu Linux Kauth +1
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-3509 MEDIUM POC THREAT This Month

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.0%.

Denial Of Service Race Condition OpenSSL
NVD GitHub
CVSS 2.0
6.8
EPSS
13.0%
CVE-2014-3251 MEDIUM This Month

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which. Rated medium severity (CVSS 4.4). No vendor patch available.

Race Condition Authentication Bypass Puppet Enterprise Mcollective
NVD
CVSS 2.0
4.4
EPSS
0.0%
EPSS 7% CVSS 8.1
HIGH POC This Week

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Authentication Bypass Wget
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Operations Manager
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Race Condition Linux +1
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Google +3
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call. Rated medium severity (CVSS 4.7).

Race Condition Linux Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 3.1
LOW Monitor

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Apple Authentication Bypass +2
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Adobe Race Condition Information Disclosure +3
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Ntp +9
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Denial Of Service Ntp +11
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a. Rated medium severity (CVSS 4.7).

Information Disclosure Race Condition Linux +2
NVD GitHub
EPSS 19% CVSS 7.5
HIGH POC THREAT Act Now

Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 19.1%.

Race Condition Information Disclosure Symphony
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Race Condition Apple Information Disclosure +4
NVD Exploit-DB
EPSS 1% CVSS 5.3
MEDIUM This Month

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Google Information Disclosure +3
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Race Condition Linux +2
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux +6
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Mozilla +3
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition,. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. Rated high severity (CVSS 7.4), this vulnerability is no authentication required.

Information Disclosure Race Condition Linux +2
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Race Condition Google Authentication Bypass +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before. Rated medium severity (CVSS 6.7). No vendor patch available.

Juniper Race Condition Information Disclosure +1
NVD
EPSS 58% 4.7 CVSS 7.0
HIGH POC THREAT Act Now

Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and EPSS exploitation probability 58.5%.

Race Condition Apple RCE +2
NVD Exploit-DB
EPSS 1% CVSS 6.3
MEDIUM This Month

Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Mozilla +4
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Race Condition Linux +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Mozilla Authentication Bypass +1
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or. Rated medium severity (CVSS 5.8). No vendor patch available.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 15% CVSS 7.1
HIGH Act Now

Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 14.7% and no vendor patch available.

Race Condition Denial Of Service Bind
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Google Denial Of Service +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Race condition in the Pragmatic General Multicast (PGM) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Race Condition Denial Of Service Microsoft +9
NVD
EPSS 7% CVSS 4.3
MEDIUM PATCH This Month

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Race Condition OpenSSL +12
NVD
EPSS 0% CVSS 4.4
MEDIUM POC This Month

Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service. Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

Denial Of Service Race Condition Linux +3
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Race Condition Path Traversal +3
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Race Condition Path Traversal +3
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Race Condition Authentication Bypass Neutron
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Linux +1
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Google +3
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Mozilla +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Pacemaker Corosync Configuration System
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets,. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 27% 4.2 CVSS 9.3
CRITICAL POC THREAT Emergency

Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.9%.

Race Condition Apple RCE +1
NVD Exploit-DB
EPSS 0% CVSS 3.3
LOW POC Monitor

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.

Race Condition Mozilla Information Disclosure +4
NVD Exploit-DB
EPSS 1% CVSS 6.9
MEDIUM PATCH This Month

Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka "MSRT Race Condition Vulnerability.". Rated medium severity (CVSS 6.9).

Race Condition Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. Rated medium severity (CVSS 6.9).

Race Condition Apple Authentication Bypass +1
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service +2
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service +2
NVD
EPSS 10% CVSS 6.8
MEDIUM This Month

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 10.2% and no vendor patch available.

Denial Of Service Race Condition OpenSSL
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root. Rated medium severity (CVSS 6.2). No vendor patch available.

Information Disclosure Race Condition Linux +2
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL. Rated medium severity (CVSS 6.9).

Race Condition Linux Authentication Bypass +1
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Denial Of Service Mozilla +4
NVD
EPSS 6% CVSS 4.3
MEDIUM POC PATCH This Month

Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Adobe Race Condition Authentication Bypass +5
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM This Month

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Information Disclosure Lenovo +1
NVD
EPSS 2% CVSS 8.5
HIGH PATCH This Week

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

IBM Race Condition RCE +2
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Mozilla +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a. Rated medium severity (CVSS 4.0). No vendor patch available.

Race Condition Apple Denial Of Service +3
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Google +2
NVD
EPSS 0% CVSS 1.9
LOW Monitor

Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Linux Authentication Bypass +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the. Rated medium severity (CVSS 5.7). No vendor patch available.

Race Condition Apple Denial Of Service +3
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service +2
NVD
EPSS 0% CVSS 1.9
LOW Monitor

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Denial Of Service Dbus +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Race Condition Information Disclosure Jboss Weld
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1,. Rated medium severity (CVSS 6.9).

IBM Race Condition Information Disclosure +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Race Condition Apple +2
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service +2
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Nvidia +4
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Authentication Bypass Pxz
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Mozilla Denial Of Service +3
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly. Rated medium severity (CVSS 6.9).

Denial Of Service Race Condition Linux +12
NVD GitHub
EPSS 0% CVSS 1.9
LOW Monitor

Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Information Disclosure Puppet Server
NVD
EPSS 2% CVSS 6.4
MEDIUM PATCH This Month

Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe Race Condition Authentication Bypass +3
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux +1
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Apple Denial Of Service +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file. Rated low severity (CVSS 3.3). No vendor patch available.

Race Condition Python Authentication Bypass
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS. Rated medium severity (CVSS 4.7).

Denial Of Service Race Condition Linux +4
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Apple Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Race Condition VMware +1
NVD
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a. Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Race Condition Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Race Condition Denial Of Service Fedora +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Race Condition Information Disclosure Zope +1
NVD GitHub
EPSS 0% CVSS 1.9
LOW Monitor

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Apple Information Disclosure +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Information Disclosure +1
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Month

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Race Condition Authentication Bypass Kde4Libs +3
NVD
EPSS 13% CVSS 6.8
MEDIUM POC THREAT This Month

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.0%.

Denial Of Service Race Condition OpenSSL
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which. Rated medium severity (CVSS 4.4). No vendor patch available.

Race Condition Authentication Bypass Puppet Enterprise +1
NVD
Prev Page 19 of 21 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy