Vulnerabilities (CVE)

Filtered by CWE-362
Total 1769 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8239 1 Sudo Project 1 Sudo 2025-04-20 6.9 MEDIUM 7.0 HIGH
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
CVE-2017-5899 1 S-nail Project 1 S-nail 2025-04-20 6.9 MEDIUM 7.0 HIGH
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
CVE-2017-11025 1 Google 1 Android 2025-04-20 4.4 MEDIUM 7.0 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur.
CVE-2017-10914 1 Xen 1 Xen 2025-04-20 6.8 MEDIUM 8.1 HIGH
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
CVE-2016-10297 1 Google 1 Android 2025-04-20 9.3 HIGH 7.0 HIGH
In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.
CVE-2017-8244 1 Google 1 Android 2025-04-20 6.9 MEDIUM 7.0 HIGH
In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write).
CVE-2017-2898 1 Meetcircle 2 Circle With Disney, Circle With Disney Firmware 2025-04-20 8.5 HIGH 7.5 HIGH
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability.
CVE-2017-2533 1 Apple 1 Mac Os X 2025-04-20 7.6 HIGH 7.0 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2017-1000367 1 Sudo Project 1 Sudo 2025-04-20 6.9 MEDIUM 6.4 MEDIUM
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
CVE-2017-6615 1 Cisco 1 Ios Xe 2025-04-20 6.3 MEDIUM 6.3 MEDIUM
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392.
CVE-2017-9703 1 Google 1 Android 2025-04-20 4.4 MEDIUM 7.0 HIGH
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition.
CVE-2017-0727 1 Google 1 Android 2025-04-20 6.8 MEDIUM 7.8 HIGH
A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.
CVE-2016-10200 2 Google, Linux 2 Android, Linux Kernel 2025-04-20 6.9 MEDIUM 7.0 HIGH
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
CVE-2015-8997 1 Google 1 Android 2025-04-20 7.6 HIGH 7.0 HIGH
In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel.
CVE-2017-2478 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 7.6 HIGH 7.0 HIGH
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2017-6346 1 Linux 1 Linux Kernel 2025-04-20 6.9 MEDIUM 7.0 HIGH
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.
CVE-2017-7572 1 Backintime Project 1 Backintime 2025-04-20 9.3 HIGH 8.1 HIGH
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.
CVE-2017-11044 1 Google 1 Android 2025-04-20 4.4 MEDIUM 7.0 HIGH
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free condition.
CVE-2016-10242 1 Google 1 Android 2025-04-20 7.6 HIGH 7.0 HIGH
A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.
CVE-2016-9962 1 Docker 1 Docker 2025-04-20 4.4 MEDIUM 6.4 MEDIUM
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.