Total
1264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18253 | 1 Capmon | 1 Access Manager | 2019-03-18 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases. | |||||
| CVE-2018-0492 | 2 Beep Project, Debian | 2 Beep, Debian Linux | 2019-03-14 | 4.4 MEDIUM | 7.0 HIGH |
| Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. | |||||
| CVE-2019-9710 | 1 Webargs Project | 1 Webargs | 2019-03-12 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests. | |||||
| CVE-2017-2478 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-08 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2017-7115 | 1 Apple | 2 Iphone Os, Tvos | 2019-03-08 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition. | |||||
| CVE-2015-1099 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 4.0 MEDIUM | N/A |
| Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app. | |||||
| CVE-2017-2456 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-08 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2018-12029 | 2 Debian, Phusion | 2 Debian Linux, Passenger | 2019-03-08 | 4.4 MEDIUM | 7.0 HIGH |
| A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation. | |||||
| CVE-2018-4192 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-03-07 | 5.1 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition. | |||||
| CVE-2016-6663 | 3 Mariadb, Oracle, Percona | 4 Mariadb, Mysql, Percona Server and 1 more | 2019-03-05 | 4.4 MEDIUM | 7.0 HIGH |
| Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table. | |||||
| CVE-2018-7995 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
| ** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant. | |||||
| CVE-2008-5044 | 1 Microsoft | 2 Windows Server 2003, Windows Vista | 2019-02-26 | 4.0 MEDIUM | N/A |
| Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring. | |||||
| CVE-2009-0320 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2019-02-26 | 4.0 MEDIUM | N/A |
| Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack." | |||||
| CVE-2017-15405 | 1 Google | 1 Chrome | 2019-02-15 | 6.9 MEDIUM | 7.0 HIGH |
| Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2015-8878 | 1 Php | 1 Php | 2019-02-14 | 7.1 HIGH | 5.9 MEDIUM |
| main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses. | |||||
| CVE-2018-9586 | 1 Google | 1 Android | 2019-02-12 | 4.4 MEDIUM | 7.0 HIGH |
| In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116754444. | |||||
| CVE-2019-7718 | 1 Metinfo | 1 Metinfo | 2019-02-11 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily. | |||||
| CVE-2018-19370 | 1 Yoast | 1 Yoast Seo | 2019-01-31 | 6.0 MEDIUM | 6.6 MEDIUM |
| A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import. | |||||
| CVE-2018-11998 | 1 Qualcomm | 30 Mdm9206, Mdm9206 Firmware, Mdm9607 and 27 more | 2019-01-24 | 7.9 HIGH | 7.5 HIGH |
| While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016 | |||||
| CVE-2018-16079 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-01-15 | 2.6 LOW | 5.3 MEDIUM |
| A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||