Total
2186 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4170 | 2 Linux, Redhat | 9 Linux Kernel, Enterprise Linux, Enterprise Linux Compute Node Eus and 6 more | 2025-04-12 | N/A |
| Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread. | ||||
| CVE-2014-7170 | 1 Puppet | 1 Puppet Server | 2025-04-12 | N/A |
| Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service. | ||||
| CVE-2015-2715 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | N/A |
| Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown. | ||||
| CVE-2016-6516 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability. | ||||
| CVE-2016-4309 | 1 Getsymphony | 1 Symphony | 2025-04-12 | 7.5 High |
| Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
| CVE-2016-0723 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. | ||||
| CVE-2015-2706 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization. | ||||
| CVE-2014-2243 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses. | ||||
| CVE-2016-9794 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-12 | 7.8 High |
| Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. | ||||
| CVE-2014-4386 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. | ||||
| CVE-2015-7990 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937. | ||||
| CVE-2014-3940 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-12 | N/A |
| The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c. | ||||
| CVE-2016-3258 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2025-04-12 | N/A |
| Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System Security Feature Bypass." | ||||
| CVE-2016-3744 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, aka internal bug 27930580. | ||||
| CVE-2016-3760 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683. | ||||
| CVE-2014-3406 | 1 Cisco | 1 Intrusion Prevention System | 2025-04-12 | N/A |
| Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085. | ||||
| CVE-2016-3914 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open operations, aka internal bug 30481342. | ||||
| CVE-2014-3251 | 2 Puppet, Puppetlabs | 2 Puppet Enterprise, Mcollective | 2025-04-12 | N/A |
| The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition. | ||||
| CVE-2016-7098 | 1 Gnu | 1 Wget | 2025-04-12 | N/A |
| Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. | ||||
| CVE-2014-4813 | 2 Ibm, Linux | 2 Tivoli Storage Manager, Linux Kernel | 2025-04-12 | N/A |
| Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors. | ||||