Total
1769 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11045 | 1 Google | 1 Android | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free condition. | |||||
CVE-2015-7891 | 1 Samsung | 1 Samsung Mobile | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. | |||||
CVE-2015-8996 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. | |||||
CVE-2014-9941 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. | |||||
CVE-2017-6979 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2015-5191 | 2 Linux, Vmware | 2 Linux Kernel, Tools | 2025-04-20 | 3.7 LOW | 6.7 MEDIUM |
VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | |||||
CVE-2017-1000405 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp. | |||||
CVE-2017-9685 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. | |||||
CVE-2014-7953 | 1 Google | 1 Android | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000. | |||||
CVE-2016-3106 | 1 Pulpproject | 1 Pulp | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. | |||||
CVE-2014-9936 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel. | |||||
CVE-2017-14902 | 1 Google | 1 Android | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur. | |||||
CVE-2014-9966 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. | |||||
CVE-2017-15588 | 1 Xen | 1 Xen | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. | |||||
CVE-2017-16857 | 1 Atlassian | 1 Bitbucket Auto Unapprove Plugin | 2025-04-20 | 6.0 MEDIUM | 8.5 HIGH |
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket. | |||||
CVE-2017-16001 | 1 Hashicorp | 1 Vagrant | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | |||||
CVE-2017-8262 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. | |||||
CVE-2017-8281 | 1 Google | 1 Android | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. | |||||
CVE-2015-1325 | 1 Canonical | 1 Ubuntu Linux | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges. | |||||
CVE-2016-4984 | 2 Openldap, Redhat | 2 Openldap-servers, Enterprise Linux | 2025-04-20 | 1.9 LOW | 4.7 MEDIUM |
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it. |