Total
1264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6156 | 1 Linux | 1 Linux Kernel | 2016-11-28 | 1.9 LOW | 5.1 MEDIUM |
| Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability. | |||||
| CVE-2016-3914 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open operations, aka internal bug 30481342. | |||||
| CVE-2016-0930 | 1 Pivotal | 1 Operations Manager | 2016-11-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist. | |||||
| CVE-2015-8963 | 1 Linux | 1 Linux Kernel | 2016-11-28 | 7.6 HIGH | 7.0 HIGH |
| Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. | |||||
| CVE-2010-5313 | 1 Linux | 1 Linux Kernel | 2016-11-28 | 4.9 MEDIUM | N/A |
| Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842. | |||||
| CVE-2013-5512 | 1 Cisco | 1 Adaptive Security Appliance Software | 2016-11-01 | 7.1 HIGH | N/A |
| Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.5), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.4), 9.0.x before 9.0(1.4), and 9.1.x before 9.1(1.2), in certain conditions involving the spoof-server option or ActiveX or Java response inspection, allows remote attackers to cause a denial of service (device reload) via a crafted HTTP response, aka Bug ID CSCud37992. | |||||
| CVE-2014-5332 | 1 Linux | 1 Linux Kernel | 2016-09-19 | 6.9 MEDIUM | N/A |
| Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a race condition to escape the Chrome sandbox. | |||||
| CVE-2015-1882 | 1 Ibm | 1 Websphere Application Server | 2016-08-03 | 8.5 HIGH | N/A |
| Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user. | |||||
| CVE-2016-3760 | 1 Google | 1 Android | 2016-07-12 | 5.4 MEDIUM | 7.5 HIGH |
| Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683. | |||||
| CVE-2016-3744 | 1 Google | 1 Android | 2016-07-11 | 4.3 MEDIUM | 7.5 HIGH |
| Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, aka internal bug 27930580. | |||||
| CVE-2016-0848 | 1 Google | 1 Android | 2016-04-20 | 7.2 HIGH | 8.4 HIGH |
| Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054. | |||||
| CVE-2015-8511 | 1 Mozilla | 1 Firefox Os | 2016-01-14 | 6.9 MEDIUM | 6.4 MEDIUM |
| Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | |||||
| CVE-2015-7817 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2015-11-12 | 7.1 HIGH | N/A |
| Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443. | |||||
| CVE-2015-7820 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2015-11-12 | 7.1 HIGH | N/A |
| Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443. | |||||
| CVE-2015-0632 | 1 Cisco | 2 Ios, Ios Xe | 2015-11-02 | 5.7 MEDIUM | N/A |
| Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770. | |||||
| CVE-2015-0654 | 1 Cisco | 1 Intrusion Prevention System | 2015-09-11 | 7.1 HIGH | N/A |
| Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652. | |||||
| CVE-2015-0631 | 1 Cisco | 12 Ids 4210, Ids 4215, Ids 4220 and 9 more | 2015-03-04 | 7.1 HIGH | N/A |
| Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID CSCui25688. | |||||
| CVE-2013-6458 | 1 Redhat | 1 Libvirt | 2015-01-02 | 6.8 MEDIUM | N/A |
| Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command. | |||||
| CVE-2014-1447 | 1 Redhat | 1 Libvirt | 2015-01-02 | 3.3 LOW | N/A |
| Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. | |||||
| CVE-2014-9150 | 2 Adobe, Microsoft | 3 Acrobat, Acrobat Reader, Windows | 2014-12-17 | 6.4 MEDIUM | N/A |
| Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568. | |||||