Vulnerabilities (CVE)

Filtered by CWE-362
Total 1767 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14902 1 Google 1 Android 2025-04-20 6.9 MEDIUM 7.0 HIGH
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur.
CVE-2014-9966 1 Google 1 Android 2025-04-20 7.6 HIGH 7.0 HIGH
In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display.
CVE-2017-15588 1 Xen 1 Xen 2025-04-20 6.9 MEDIUM 7.8 HIGH
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
CVE-2017-16857 1 Atlassian 1 Bitbucket Auto Unapprove Plugin 2025-04-20 6.0 MEDIUM 8.5 HIGH
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket.
CVE-2017-16001 1 Hashicorp 1 Vagrant 2025-04-20 7.2 HIGH 7.8 HIGH
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVE-2017-8262 1 Google 1 Android 2025-04-20 7.6 HIGH 7.0 HIGH
In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition.
CVE-2017-8281 1 Google 1 Android 2025-04-20 2.6 LOW 4.7 MEDIUM
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.
CVE-2015-1325 1 Canonical 1 Ubuntu Linux 2025-04-20 6.9 MEDIUM 7.0 HIGH
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges.
CVE-2016-4984 2 Openldap, Redhat 2 Openldap-servers, Enterprise Linux 2025-04-20 1.9 LOW 4.7 MEDIUM
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
CVE-2016-4982 1 Teether 1 Authd 2025-04-20 1.9 LOW 4.7 MEDIUM
authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.
CVE-2017-12146 1 Linux 1 Linux Kernel 2025-04-20 6.9 MEDIUM 7.0 HIGH
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.
CVE-2017-15265 1 Linux 1 Linux Kernel 2025-04-20 6.9 MEDIUM 7.0 HIGH
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
CVE-2017-8148 1 Huawei 2 P9, P9 Firmware 2025-04-20 5.4 MEDIUM 4.7 MEDIUM
Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot.
CVE-2017-6512 3 Canonical, Debian, File\ 3 Ubuntu Linux, Debian Linux, \ 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
CVE-2017-9677 1 Google 1 Android 2025-04-20 6.8 MEDIUM 7.8 HIGH
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur.
CVE-2017-14483 1 Gentoo 1 Dev-python-flower 2025-04-20 4.9 MEDIUM 5.5 MEDIUM
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
CVE-2016-9381 2 Citrix, Qemu 2 Xenserver, Qemu 2025-04-20 6.9 MEDIUM 7.5 HIGH
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
CVE-2017-14748 1 Blizzard 1 Overwatch 2025-04-20 3.5 LOW 5.3 MEDIUM
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match.
CVE-2017-0462 1 Linux 1 Linux Kernel 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.
CVE-2017-6001 1 Linux 1 Linux Kernel 2025-04-20 7.6 HIGH 7.0 HIGH
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.