CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | Razer Synapse Race Condition / DLL Hijacking | 18.09.2023 | Dr. Oliver Schwarz |
| Med. | Linux 6.4 Use-After-Free / Race Condition | 04.09.2023 | Jann Horn |
| High | snap-confine must_mkdir_and_open_with_perms() Race Condition | 09.12.2022 | Qualys Security Adviso... |
| Med. | Linux unmap_mapping_range() Race Condition | 31.08.2022 | Jann Horn |
| Med. | Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free | 18.11.2021 | Jann Horn |
| High | Razer Chroma SDK Server 3.16.02 Race Condition Remote File Execution | 26.11.2020 | Loke Hui Yi |
| Med. | Linux expand_downwards() / munmap() Race Condition | 15.09.2020 | Jann Horn |
| High | Linux 5.6 IORING_OP_MADVISE Race Condition | 11.05.2020 | Jann Horn |
| High | XNU Missing Locking Race Condition | 06.11.2019 | Jann Horn |
| High | Apple Mac OS X Feedback Assistant Race Condition (Metasploit) | 26.05.2019 | timwr |
| Med. | Mac OS X Feedback Assistant Race Condition | 22.05.2019 | timwr |
| Med. | WebKitGTK+ ThreadedCompositor Race Condition | 10.04.2019 | Anonymouse |
| High | Synology Photo Station 6.8.2-3461 SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution | 16.01.2018 | mr_me |
| Med. | Check_MK 1.2.8p25 Information Disclosure | 21.10.2017 | Julien Ahrens |
| Med. | Apple PCIe Message Ring Protocol Race Conditions | 24.09.2017 | laginimaineb |
| High | Sudo get_process_ttyname() Race Condition | 03.06.2017 | Qualys |
| Med. | Android sec_ts Touchscreen Race Condition | 19.01.2017 | laginimaineb |
| Med. | Teradata Studio Express 15.12.00.00 Race Condition | 20.11.2016 | Larry W. Cashdollar |
| Med. | WordPress W3 Total Cache 0.9.4.1 Race Condition | 12.11.2016 | Sipke Mellema |
| High | Linux 4.6 Double-Fetch Race Condition / Buffer Overflow | 06.07.2016 | Pengfei Wang |
| Med. | IBM Installation Manager 1.8.1 Race Condition | 12.11.2015 | Larry W. Cashdollar |
| Med. | Linux PolicyKit Race Condition Privilege Escalation | 19.10.2014 | xi4oyu |
| Med. | Apache Scoreboard / Status Race Condition | 22.07.2014 | Marek Kroemeke |
| Low | SUNWbindr Race Condition | 21.07.2012 | Larry Cashdollar |
| High | Testtrack for Linux Race Condition | 21.03.2012 | Simon |
| Med. | PolicyKit Pwnage linux local privilege escalation on polkit-1 <= 0.101 | 10.10.2011 | zx2c4 |
| Med. | Ubuntu Linux 'mountall' Local Privilege Escalation Vulnerability | 23.09.2010 | fuzz |
| Med. | Microsoft Windows nt!NtCreateThread Race Condition (MS10-047) | 23.08.2010 | Tavis Ormandy |
| Med. | Microsoft Windows nt!NtCreateThread Race Condition (MS10-047) | 18.08.2010 | Tavis Ormandy |
| Med. | Deliver 2.1.14 Multiple vulnerabilities | 30.03.2010 | Dan Rosenberg |
| High | Microsoft SMB Client Pool Overflow (MS10-006) | 16.02.2010 | Laurent Gaffi, Renaud... |
| High | linux kernel 2.6.25.15 fs: pipe.c null pointer dereference | 06.11.2009 | Eugene Teo eugene |
| Med. | RADactive I-Load Multiple Vulnerabilities | 01.10.2009 | Stefan Streichsbier |
| Med. | FreeBSD <= 6.1 kqueue() NULL pointer dereference | 23.08.2009 | Przemyslaw Frasunek |
| High | Linux kernel 2.6.18: do_coredump() vs ptrace_start() deadlock | 07.07.2009 | Eugene Teo |
| Med. | samba samba-client samba-server samba-swat Denial of Service | 09.05.2009 | rPath |
| Med. | Mac OS X xnu <=1228.x (vfssysctl) Local Kernel DoS PoC | 05.04.2009 | mu-b |
| Low | BSOD in Win 2k3, Vista x86 and x64 by nonpriviledged user | 13.11.2008 | support killprog com |
| Low | Move utrace into task_struct | 02.07.2008 | Alexey Dobriyan |


CVEMAP Search Results

CVE
Details
Description
2024-02-22
CVE-2024-26578

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name. Users are recommended to upgrade to version [1.2.5], which fixes the issue.

 
2024-01-31
CVE-2024-23651

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.

 
2024-01-10
CVE-2023-49619

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times. Users are recommended to upgrade to version [1.2.1], which fixes the issue.

 
2023-12-23
CVE-2016-15036

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

 
2023-12-08
CVE-2023-48420

there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

 
2023-07-28
CVE-2023-37904

Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.

 
2023-07-04
CVE-2023-2010

The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.

 
2023-04-17
CVE-2023-30543

@web3-react is a framework for building Ethereum Apps. In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.

 
CVE-2023-28984

A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) that is outside the attacker's direct control. This issue affects: Juniper Networks Junos OS versions prior to 19.4R3-S10 on QFX Series; 20.2 versions prior to 20.2R3-S7 on QFX Series; 20.3 versions prior to 20.3R3-S6 on QFX Series; 20.4 versions prior to 20.4R3-S5 on QFX Series; 21.1 versions prior to 21.1R3-S4 on QFX Series; 21.2 versions prior to 21.2R3-S3 on QFX Series; 21.3 versions prior to 21.3R3-S3 on QFX Series; 21.4 versions prior to 21.4R3 on QFX Series; 22.1 versions prior to 22.1R3 on QFX Series; 22.2 versions prior to 22.2R2 on QFX Series.

 
2023-01-17
CVE-2023-22499

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message. This situation impacts users who use Web Worker API and relied on interactive permission prompt. The reproduction is very timing sensitive and can't be reliably reproduced on every try. This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). The problem has been fixed in Deno v1.29.3; it is recommended all users update to this version. Users are advised to upgrade. Users unable to upgrade may run with --no-prompt flag to disable interactive permission prompts.

 

 


Copyright 2024, cxsecurity.com

 
