Total
1495 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15265 | 1 Linux | 1 Linux Kernel | 2023-06-21 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. | |||||
| CVE-2017-12146 | 1 Linux | 1 Linux Kernel | 2023-06-21 | 6.9 MEDIUM | 7.0 HIGH |
| The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides. | |||||
| CVE-2017-7533 | 1 Linux | 1 Linux Kernel | 2023-06-21 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions. | |||||
| CVE-2017-6874 | 1 Linux | 1 Linux Kernel | 2023-06-21 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts. | |||||
| CVE-2017-6346 | 1 Linux | 1 Linux Kernel | 2023-06-21 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls. | |||||
| CVE-2023-21101 | 1 Google | 1 Android | 2023-06-21 | N/A | 7.0 HIGH |
| In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258189255 | |||||
| CVE-2022-38014 | 1 Microsoft | 2 Azure Iot Edge For Linux, Windows Subsystem For Linux | 2023-06-13 | N/A | 7.0 HIGH |
| Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-29537 | 1 Mozilla | 2 Firefox, Focus | 2023-06-09 | N/A | 7.5 HIGH |
| Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
| CVE-2023-20736 | 3 Google, Linuxfoundation, Mediatek | 23 Android, Iot-yocto, Yocto and 20 more | 2023-06-09 | N/A | 6.4 MEDIUM |
| In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645189. | |||||
| CVE-2023-20750 | 2 Google, Mediatek | 23 Android, Mt6835, Mt6886 and 20 more | 2023-06-09 | N/A | 4.1 MEDIUM |
| In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928. | |||||
| CVE-2022-3567 | 1 Linux | 1 Linux Kernel | 2023-06-07 | N/A | 6.4 MEDIUM |
| A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. | |||||
| CVE-2017-1000112 | 1 Linux | 1 Linux Kernel | 2023-06-07 | 6.9 MEDIUM | 7.0 HIGH |
| Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005. | |||||
| CVE-2016-10200 | 2 Google, Linux | 2 Android, Linux Kernel | 2023-06-07 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. | |||||
| CVE-2023-33974 | 1 Riot-os | 1 Riot | 2023-06-06 | N/A | 5.9 MEDIUM |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memory access resulting in denial of service. This issue is patched in pull request 19679. There are no known workarounds. | |||||
| CVE-2022-45869 | 1 Linux | 1 Linux Kernel | 2023-06-06 | N/A | 5.5 MEDIUM |
| A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. | |||||
| CVE-2023-30571 | 1 Libarchive | 1 Libarchive | 2023-06-05 | N/A | 5.3 MEDIUM |
| Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. | |||||
| CVE-2022-35796 | 1 Microsoft | 1 Edge Chromium | 2023-05-31 | N/A | 7.5 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-34702 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-05-31 | N/A | 8.1 HIGH |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
| CVE-2022-34696 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2023-05-31 | N/A | 7.8 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability | |||||
| CVE-2022-33636 | 1 Microsoft | 1 Edge Chromium | 2023-05-31 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||