Vulnerabilities (CVE)

Filtered by CWE-362
Total 1770 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-4481 4 Microsoft, Mozilla, Opensuse and 1 more 4 Windows, Firefox, Opensuse and 1 more 2025-04-12 3.3 LOW N/A
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.
CVE-2014-3940 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-12 4.0 MEDIUM N/A
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.
CVE-2015-2418 1 Microsoft 1 Malicious Software Removal Tool 2025-04-12 6.9 MEDIUM N/A
Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka "MSRT Race Condition Vulnerability."
CVE-2015-0610 1 Cisco 1 Ios 2025-04-12 4.3 MEDIUM N/A
Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071.
CVE-2016-3760 1 Google 1 Android 2025-04-12 5.4 MEDIUM 7.5 HIGH
Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.
CVE-2015-0572 1 Linux 1 Linux Kernel 2025-04-12 4.4 MEDIUM 7.0 HIGH
Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call.
CVE-2016-7916 1 Linux 1 Linux Kernel 2025-04-12 4.7 MEDIUM 5.5 MEDIUM
Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.
CVE-2015-4170 2 Linux, Redhat 6 Linux Kernel, Enterprise Linux Compute Node Eus, Enterprise Linux For Ibm Z Systems Eus and 3 more 2025-04-12 4.7 MEDIUM 4.7 MEDIUM
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.
CVE-2014-3406 1 Cisco 1 Intrusion Prevention System 2025-04-12 7.1 HIGH N/A
Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085.
CVE-2016-1757 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 9.3 HIGH 7.0 HIGH
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2010-5298 4 Fedoraproject, Mariadb, Openssl and 1 more 7 Fedora, Mariadb, Openssl and 4 more 2025-04-12 4.0 MEDIUM N/A
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
CVE-2015-4199 1 Cisco 1 Ios 2025-04-12 7.1 HIGH N/A
Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent connectivity with many IPv6 CPE devices, aka Bug ID CSCug47366.
CVE-2016-0723 1 Linux 1 Linux Kernel 2025-04-12 5.6 MEDIUM 6.8 MEDIUM
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
CVE-2015-4203 1 Cisco 2 Ios, Ubr10000 Cable Modem Termination System 2025-04-12 5.4 MEDIUM N/A
Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.
CVE-2014-9529 6 Canonical, Debian, Fedoraproject and 3 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2025-04-12 6.9 MEDIUM N/A
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
CVE-2016-8655 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-12 7.2 HIGH 7.8 HIGH
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
CVE-2015-3709 1 Apple 1 Mac Os X 2025-04-12 6.9 MEDIUM N/A
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation.
CVE-2015-1791 1 Openssl 1 Openssl 2025-04-12 6.8 MEDIUM N/A
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
CVE-2015-4510 1 Mozilla 1 Firefox 2025-04-12 6.8 MEDIUM N/A
Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation.
CVE-2016-7098 1 Gnu 1 Wget 2025-04-12 6.8 MEDIUM 8.1 HIGH
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.