Przykłady dla Common Weakness Enumeration

	Tytuł	Data	Autor
Med.	Razer Synapse Race Condition / DLL Hijacking	18.09.2023	Dr. Oliver Schwarz
Med.	Linux 6.4 Use-After-Free / Race Condition	04.09.2023	Jann Horn
High	snap-confine must_mkdir_and_open_with_perms() Race Condition	09.12.2022	Qualys Security Adviso...
Med.	Linux unmap_mapping_range() Race Condition	31.08.2022	Jann Horn
Med.	Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free	18.11.2021	Jann Horn
High	Razer Chroma SDK Server 3.16.02 Race Condition Remote File Execution	26.11.2020	Loke Hui Yi
Med.	Linux expand_downwards() / munmap() Race Condition	15.09.2020	Jann Horn
High	Linux 5.6 IORING_OP_MADVISE Race Condition	11.05.2020	Jann Horn
High	XNU Missing Locking Race Condition	06.11.2019	Jann Horn
High	Apple Mac OS X Feedback Assistant Race Condition (Metasploit)	26.05.2019	timwr
Med.	Mac OS X Feedback Assistant Race Condition	22.05.2019	timwr
Med.	WebKitGTK+ ThreadedCompositor Race Condition	10.04.2019	Anonymouse
High	Synology Photo Station 6.8.2-3461 SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution	16.01.2018	mr_me
Med.	Check_MK 1.2.8p25 Information Disclosure	21.10.2017	Julien Ahrens
Med.	Apple PCIe Message Ring Protocol Race Conditions	24.09.2017	laginimaineb
High	Sudo get_process_ttyname() Race Condition	03.06.2017	Qualys
Med.	Android sec_ts Touchscreen Race Condition	19.01.2017	laginimaineb
Med.	Teradata Studio Express 15.12.00.00 Race Condition	20.11.2016	Larry W. Cashdollar
Med.	WordPress W3 Total Cache 0.9.4.1 Race Condition	12.11.2016	Sipke Mellema
High	Linux 4.6 Double-Fetch Race Condition / Buffer Overflow	06.07.2016	Pengfei Wang
Med.	IBM Installation Manager 1.8.1 Race Condition	12.11.2015	Larry W. Cashdollar
Med.	Linux PolicyKit Race Condition Privilege Escalation	19.10.2014	xi4oyu
Med.	Apache Scoreboard / Status Race Condition	22.07.2014	Marek Kroemeke
Low	SUNWbindr Race Condition	21.07.2012	Larry Cashdollar
High	Testtrack for Linux Race Condition	21.03.2012	Simon
Med.	PolicyKit Pwnage linux local privilege escalation on polkit-1 <= 0.101	10.10.2011	zx2c4
Med.	Ubuntu Linux \'mountall\' Local Privilege Escalation Vulnerability	23.09.2010	fuzz
Med.	Microsoft Windows nt!NtCreateThread Race Condition (MS10-047)	23.08.2010	Tavis Ormandy
Med.	Microsoft Windows nt!NtCreateThread Race Condition (MS10-047)	18.08.2010	Tavis Ormandy
Med.	Deliver 2.1.14 Multiple vulnerabilities	30.03.2010	Dan Rosenberg
High	Microsoft SMB Client Pool Overflow (MS10-006)	16.02.2010	Laurent Gaffi, Renaud...
High	linux kernel 2.6.25.15 fs: pipe.c null pointer dereference	06.11.2009	Eugene Teo eugene
Med.	RADactive I-Load Multiple Vulnerabilities	01.10.2009	Stefan Streichsbier
Med.	FreeBSD <= 6.1 kqueue() NULL pointer dereference	23.08.2009	Przemyslaw Frasunek
High	Linux kernel 2.6.18: do_coredump() vs ptrace_start() deadlock	07.07.2009	Eugene Teo
Med.	samba samba-client samba-server samba-swat Denial of Service	09.05.2009	rPath
Med.	Mac OS X xnu <=1228.x (vfssysctl) Local Kernel DoS PoC	05.04.2009	mu-b
Low	BSOD in Win 2k3, Vista x86 and x64 by nonpriviledged user	13.11.2008	support killprog com
Low	Move utrace into task_struct	02.07.2008	Alexey Dobriyan

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2023-07-28

CVE-2023-37904

Updating...

Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.

2023-07-04

CVE-2023-2010

Updating...

The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.

2023-04-17

	CVE-2023-28984	Updating...	A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) that is outside the attackers direct control. This issue affects: Juniper Networks Junos OS versions prior to 19.4R3-S10 on QFX Series; 20.2 versions prior to 20.2R3-S7 on QFX Series; 20.3 versions prior to 20.3R3-S6 on QFX Series; 20.4 versions prior to 20.4R3-S5 on QFX Series; 21.1 versions prior to 21.1R3-S4 on QFX Series; 21.2 versions prior to 21.2R3-S3 on QFX Series; 21.3 versions prior to 21.3R3-S3 on QFX Series; 21.4 versions prior to 21.4R3 on QFX Series; 22.1 versions prior to 22.1R3 on QFX Series; 22.2 versions prior to 22.2R2 on QFX Series.
	CVE-2023-30543	Updating...	@web3-react is a framework for building Ethereum Apps . In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` and a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.

2023-01-17

CVE-2023-22499

Updating...

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message. This situation impacts users who use Web Worker API and relied on interactive permission prompt. The reproduction is very timing sensitive and can�??t be reliably reproduced on every try. This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). The problem has been fixed in Deno v1.29.3; it is recommended all users update to this version. Users are advised to upgrade. Users unable to upgrade may run with --no-prompt flag to disable interactive permission prompts.

2022-12-28

CVE-2022-46174

Updating...

efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent mount operations can allocate the same local port, leading to either failed mount operations or an inappropriate mapping from an EFS customer�??s local mount points to that customer�??s EFS file systems. This issue is patched in version v1.34.4. There is no recommended work around. We recommend affected users update the installed version of efs-utils to v1.34.4 or later.

2022-11-28

CVE-2022-4129

Updating...

A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

2022-10-20

	CVE-2022-27626	Updating...	A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
	CVE-2022-3623	Updating...	A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability.

2022-10-17

CVE-2022-3566

Updating...

A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.

18.09.2023

04.09.2023

09.12.2022

31.08.2022

18.11.2021

26.11.2020

15.09.2020

11.05.2020

06.11.2019

26.05.2019

22.05.2019

10.04.2019

16.01.2018

21.10.2017

24.09.2017

03.06.2017

19.01.2017

20.11.2016

12.11.2016

06.07.2016

12.11.2015

19.10.2014

22.07.2014

21.07.2012

21.03.2012

10.10.2011

23.09.2010

23.08.2010

18.08.2010

30.03.2010

16.02.2010

06.11.2009

01.10.2009

23.08.2009

07.07.2009

09.05.2009

05.04.2009

13.11.2008

02.07.2008