Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-362
Total 1264 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-21086 1 Google 1 Android 2020-04-09 6.8 MEDIUM 8.1 HIGH
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018).
CVE-2017-18647 1 Google 1 Android 2020-04-09 6.8 MEDIUM 8.1 HIGH
An issue was discovered on Samsung mobile devices with M(6,x) and N(7.0) software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsung IDs are SVE-2017-8973, SVE-2017-8974, and SVE-2017-8975 (November 2017).
CVE-2017-18692 3 Google, Qualcomm, Samsung 7 Android, Msm8939, Msm8996 and 4 more 2020-04-08 6.8 MEDIUM 8.1 HIGH
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, or Exynos8895 chipsets) software. There is a race condition, with a resultant buffer overflow, in the sec_ts touchscreen sysfs interface. The Samsung ID is SVE-2016-7501 (January 2017).
CVE-2016-11030 1 Google 1 Android 2020-04-07 6.8 MEDIUM 8.1 HIGH
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016).
CVE-2015-7335 1 Lenovo 1 System Update 2020-03-30 6.9 MEDIUM 7.0 HIGH
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
CVE-2020-10843 1 Google 1 Android 2020-03-26 4.4 MEDIUM 7.0 HIGH
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There are race conditions in the hdcp2 driver. The Samsung ID is SVE-2019-16296 (February 2020).
CVE-2020-10575 1 Meetecho 1 Janus 2020-03-18 4.0 MEDIUM 4.2 MEDIUM
An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.
CVE-2020-10577 1 Meetecho 1 Janus 2020-03-17 5.8 MEDIUM 4.8 MEDIUM
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions.
CVE-2020-10576 1 Meetecho 1 Janus 2020-03-17 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash.
CVE-2020-3831 1 Apple 2 Ipados, Iphone Os 2020-03-02 7.6 HIGH 7.0 HIGH
A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9329 1 Gogs 1 Gogs 2020-02-25 4.3 MEDIUM 5.9 MEDIUM
Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition.
CVE-2011-0699 1 Linux 1 Linux Kernel 2020-02-25 6.9 MEDIUM 7.0 HIGH
Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value.
CVE-2020-3163 1 Cisco 1 Unified Contact Center Enterprise 2020-02-24 7.1 HIGH 5.9 MEDIUM
A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection.
CVE-2013-3685 2 Lg, Spritesoftware 45 E971, E973, E975 and 42 more 2020-02-19 6.9 MEDIUM 7.0 HIGH
A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges.
CVE-2018-9069 2 Hp, Lenovo 133 310s-14isk, 310s-14isk Firmware, 320-15ikbra and 130 more 2020-02-18 7.0 HIGH 5.9 MEDIUM
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
CVE-2020-3941 2 Microsoft, Vmware 2 Windows, Tools 2020-02-05 4.4 MEDIUM 7.0 HIGH
The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11.
CVE-2007-4774 1 Linux 1 Linux Kernel 2020-02-04 4.3 MEDIUM 5.9 MEDIUM
The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process.
CVE-2014-2906 1 Fishshell 1 Fish 2020-02-03 4.4 MEDIUM 7.0 HIGH
The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name.
CVE-2014-3856 1 Fishshell 1 Fish 2020-02-03 4.4 MEDIUM 7.0 HIGH
The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name.
CVE-2019-19537 1 Linux 1 Linux Kernel 2020-01-17 4.7 MEDIUM 4.2 MEDIUM
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.