Vulnerabilities (CVE)

CWE filter

CWE-362

Filter

693 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-10906 1 Linux 1 Linux Kernel 2019-10-15 4.4
An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.
CVE-2019-17341 1 Xen 1 Xen 2019-10-11 6.9
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.
CVE-2019-17342 1 Xen 1 Xen 2019-10-10 4.4
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.
CVE-2019-7614 1 Elastic 1 Elasticsearch 2019-10-09 4.3
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response...
CVE-2019-7307 1 Apport Project 1 Apport 2019-10-09 4.4
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to...
CVE-2018-5198 1 Wizvera 1 Veraport G3 2019-10-09 6.8
In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution.
CVE-2018-3759 1 Private Address Check Project 1 Private Address Check 2019-10-09 4.3
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution...
CVE-2018-1121 2 Procps Project, Procps Project 2 Procps, Procps 2019-10-09 4.3
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process...
CVE-2018-1049 4 Freedesktop, Redhat, Canonical and 1 more 11 Systemd, Enterprise Linux, Enterprise Linux Desktop and 8 more 2019-10-09 4.3
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount...
CVE-2018-18808 1 Tibco 3 Jasperreports Server, Jaspersoft, Jaspersoft Reporting And Analytics 2019-10-09 8.5
The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft...
CVE-2018-15687 2 Freedesktop, Canonical 2 Systemd, Ubuntu Linux 2019-10-09 1.9
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
CVE-2018-0480 1 Cisco 1 Ios Xe 2019-10-09 5.7
A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race...
CVE-2017-7543 2 Redhat, Openstack 2 Openstack, Neutron 2019-10-09 4.3
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically,...
CVE-2017-2619 3 Samba, Debian, Redhat 3 Samba, Debian Linux, Enterprise Linux 2019-10-09 6.0
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
CVE-2017-2616 3 Util-linux Project, Debian, Redhat 7 Util-linux, Debian Linux, Enterprise Linux Desktop and 4 more 2019-10-09 4.7
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
CVE-2016-10538 2 Debian, Cli Project 2 Debian Linux, Cli 2019-10-09 4.9
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
CVE-2015-1340 1 Linuxcontainers 1 Lxd 2019-10-09 6.8
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the...
CVE-2019-11736 1 Mozilla 2 Firefox, Firefox Esr 2019-10-05 4.4
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged...
CVE-2019-2189 1 Google 1 Android 2019-10-04 6.9
In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2019-2188 1 Google 1 Android 2019-10-04 6.9
In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...