Total
2293 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4129 | 3 Fedoraproject, Linux, Redhat | 5 Fedora, Layer 2 Tunneling Protocol, Enterprise Linux and 2 more | 2025-04-14 | 5.5 Medium |
| A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. | ||||
| CVE-2015-0572 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.0 High |
| Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call. | ||||
| CVE-2016-0858 | 1 Advantech | 1 Webaccess | 2025-04-12 | N/A |
| Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request. | ||||
| CVE-2015-4481 | 4 Microsoft, Mozilla, Opensuse and 1 more | 4 Windows, Firefox, Opensuse and 1 more | 2025-04-12 | N/A |
| Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update. | ||||
| CVE-2014-8005 | 1 Cisco | 1 Ios Xr | 2025-04-12 | N/A |
| Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239. | ||||
| CVE-2014-0100 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2025-04-12 | N/A |
| Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load. | ||||
| CVE-2015-1200 | 1 Pxz Project | 1 Pxz | 2025-04-12 | N/A |
| Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions. | ||||
| CVE-2016-9806 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-12 | 7.8 High |
| Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. | ||||
| CVE-2014-2243 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses. | ||||
| CVE-2015-1099 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app. | ||||
| CVE-2015-3216 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Jboss Core Services | 2025-04-12 | N/A |
| Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field. | ||||
| CVE-2015-7817 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2025-04-12 | N/A |
| Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443. | ||||
| CVE-2015-7814 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. | ||||
| CVE-2014-4438 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. | ||||
| CVE-2014-4386 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. | ||||
| CVE-2016-6130 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-12 | N/A |
| Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability. | ||||
| CVE-2012-5507 | 2 Plone, Zope | 2 Plone, Zope | 2025-04-12 | N/A |
| AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation. | ||||
| CVE-2015-7613 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-04-12 | N/A |
| Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. | ||||
| CVE-2016-4309 | 1 Getsymphony | 1 Symphony | 2025-04-12 | 7.5 High |
| Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
| CVE-2015-3196 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-04-12 | N/A |
| ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. | ||||