CWE:
 

Tytuł
Data
Autor
High
Linux DRM drm_file_update_pid() Race Condition / Use-After-Free
06.08.2024
Jann Horn
Med.
SolarWinds Platform 2024.1 SR1 Race Condition
26.06.2024
AKA 0xsphinx
Med.
Razer Synapse Race Condition / DLL Hijacking
18.09.2023
Dr. Oliver Schwarz
Med.
Linux 6.4 Use-After-Free / Race Condition
04.09.2023
Jann Horn
High
snap-confine must_mkdir_and_open_with_perms() Race Condition
09.12.2022
Qualys Security Adviso...
Med.
Linux unmap_mapping_range() Race Condition
31.08.2022
Jann Horn
Med.
Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free
18.11.2021
Jann Horn
High
Razer Chroma SDK Server 3.16.02 Race Condition Remote File Execution
26.11.2020
Loke Hui Yi
Med.
Linux expand_downwards() / munmap() Race Condition
15.09.2020
Jann Horn
High
Linux 5.6 IORING_OP_MADVISE Race Condition
11.05.2020
Jann Horn
High
XNU Missing Locking Race Condition
06.11.2019
Jann Horn
High
Apple Mac OS X Feedback Assistant Race Condition (Metasploit)
26.05.2019
timwr
Med.
Mac OS X Feedback Assistant Race Condition
22.05.2019
timwr
Med.
WebKitGTK+ ThreadedCompositor Race Condition
10.04.2019
Anonymouse
High
Synology Photo Station 6.8.2-3461 SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution
16.01.2018
mr_me
Med.
Check_MK 1.2.8p25 Information Disclosure
21.10.2017
Julien Ahrens
Med.
Apple PCIe Message Ring Protocol Race Conditions
24.09.2017
laginimaineb
High
Sudo get_process_ttyname() Race Condition
03.06.2017
Qualys
Med.
Android sec_ts Touchscreen Race Condition
19.01.2017
laginimaineb
Med.
Teradata Studio Express 15.12.00.00 Race Condition
20.11.2016
Larry W. Cashdollar
Med.
WordPress W3 Total Cache 0.9.4.1 Race Condition
12.11.2016
Sipke Mellema
High
Linux 4.6 Double-Fetch Race Condition / Buffer Overflow
06.07.2016
Pengfei Wang
Med.
IBM Installation Manager 1.8.1 Race Condition
12.11.2015
Larry W. Cashdollar
Med.
Linux PolicyKit Race Condition Privilege Escalation
19.10.2014
xi4oyu
Med.
Apache Scoreboard / Status Race Condition
22.07.2014
Marek Kroemeke
Low
SUNWbindr Race Condition
21.07.2012
Larry Cashdollar
High
Testtrack for Linux Race Condition
21.03.2012
Simon
Med.
PolicyKit Pwnage linux local privilege escalation on polkit-1 <= 0.101
10.10.2011
zx2c4
Med.
Ubuntu Linux \'mountall\' Local Privilege Escalation Vulnerability
23.09.2010
fuzz
Med.
Microsoft Windows nt!NtCreateThread Race Condition (MS10-047)
23.08.2010
Tavis Ormandy
Med.
Microsoft Windows nt!NtCreateThread Race Condition (MS10-047)
18.08.2010
Tavis Ormandy
Med.
Deliver 2.1.14 Multiple vulnerabilities
30.03.2010
Dan Rosenberg
High
Microsoft SMB Client Pool Overflow (MS10-006)
16.02.2010
Laurent Gaffi, Renaud...
High
linux kernel 2.6.25.15 fs: pipe.c null pointer dereference
06.11.2009
Eugene Teo eugene
Med.
RADactive I-Load Multiple Vulnerabilities
01.10.2009
Stefan Streichsbier
Med.
FreeBSD <= 6.1 kqueue() NULL pointer dereference
23.08.2009
Przemyslaw Frasunek
High
Linux kernel 2.6.18: do_coredump() vs ptrace_start() deadlock
07.07.2009
Eugene Teo
Med.
samba samba-client samba-server samba-swat Denial of Service
09.05.2009
rPath
Med.
Mac OS X xnu <=1228.x (vfssysctl) Local Kernel DoS PoC
05.04.2009
mu-b
Low
BSOD in Win 2k3, Vista x86 and x64 by nonpriviledged user
13.11.2008
support killprog com
Low
Move utrace into task_struct
02.07.2008
Alexey Dobriyan


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2024-10-10
Waiting for details
CVE-2024-47870

Updating...
 

 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition. Users are advised to upgrade to `gradio>=5` to address this issue. There are no known workarounds for this issue.

 
2024-10-01
Waiting for details
CVE-2024-47534

Updating...
 

 
go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C" but it may incorrectly trace the delegations "B"->"C"->"A". This vulnerability is fixed in 2.0.1.

 
2024-09-16
Waiting for details
CVE-2023-41833

Updating...
 

 
A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.

 
2024-09-10
Waiting for details
CVE-2024-43467

Updating...
 

 
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

 
2024-08-21
Waiting for details
CVE-2024-7885

Updating...
 

 
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.

 
2024-08-13
Waiting for details
CVE-2024-38191

Updating...
 

 
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

 
2024-04-19
Waiting for details
CVE-2024-3979

Updating...
 

 
A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261596.

 
2024-03-21
Waiting for details
CVE-2024-26307

Updating...
 

 
Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue.

 
2024-02-22
Waiting for details
CVE-2024-26578

Updating...
 

 
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name. Users are recommended to upgrade to version [1.2.5], which fixes the issue.

 
2024-01-31
Waiting for details
CVE-2024-23651

Updating...
 

 
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top