Total
1495 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46713 | 1 Apple | 1 Macos | 2023-03-08 | N/A | 4.7 MEDIUM |
| A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system. | |||||
| CVE-2023-23039 | 1 Linux | 1 Linux Kernel | 2023-03-06 | N/A | 5.7 MEDIUM |
| An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). | |||||
| CVE-2022-32764 | 1 Intel | 1 Driver \& Support Assistant | 2023-03-06 | N/A | 7.0 HIGH |
| Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-5198 | 1 Wizvera | 1 Veraport G3 | 2023-03-04 | 6.8 MEDIUM | 8.1 HIGH |
| In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution. | |||||
| CVE-2019-7614 | 1 Elastic | 1 Elasticsearch | 2023-03-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user. | |||||
| CVE-2022-20078 | 2 Google, Mediatek | 13 Android, Mt6833, Mt6853 and 10 more | 2023-03-02 | 6.9 MEDIUM | 6.4 MEDIUM |
| In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05852819; Issue ID: ALPS05852819. | |||||
| CVE-2023-0739 | 1 Answer | 1 Answer | 2023-03-02 | N/A | 6.8 MEDIUM |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4. | |||||
| CVE-2017-2636 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-24 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | |||||
| CVE-2018-15473 | 7 Canonical, Debian, Netapp and 4 more | 24 Ubuntu Linux, Debian Linux, Aff Baseboard Management Controller and 21 more | 2023-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | |||||
| CVE-2022-3521 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-23 | N/A | 2.5 LOW |
| A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-47331 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-02-21 | N/A | 4.7 MEDIUM |
| In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. | |||||
| CVE-2022-24951 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2023-02-16 | N/A | 7.0 HIGH |
| A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future. | |||||
| CVE-2022-24950 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2023-02-16 | N/A | 7.5 HIGH |
| A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId(). | |||||
| CVE-2022-39328 | 1 Grafana | 1 Grafana | 2023-02-16 | N/A | 8.1 HIGH |
| Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds. | |||||
| CVE-2018-14625 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-13 | 4.4 MEDIUM | 7.0 HIGH |
| A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. | |||||
| CVE-2013-4288 | 4 Canonical, Opensuse, Polkit Project and 1 more | 4 Ubuntu Linux, Opensuse, Polkit and 1 more | 2023-02-13 | 7.2 HIGH | N/A |
| Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. | |||||
| CVE-2013-3302 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.4 MEDIUM | N/A |
| Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event. | |||||
| CVE-2013-1792 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.7 MEDIUM | N/A |
| Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. | |||||
| CVE-2012-5660 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2023-02-13 | 6.9 MEDIUM | N/A |
| abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes." | |||||
| CVE-2012-4508 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 1.9 LOW | N/A |
| Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. | |||||