Total
1740 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2706 | 1 Mozilla | 1 Firefox | 2025-04-12 | 6.8 MEDIUM | N/A |
| Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization. | |||||
| CVE-2014-0703 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Software | 2025-04-12 | 10.0 HIGH | N/A |
| Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202. | |||||
| CVE-2015-7817 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2025-04-12 | 7.1 HIGH | N/A |
| Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443. | |||||
| CVE-2015-8878 | 1 Php | 1 Php | 2025-04-12 | 7.1 HIGH | 5.9 MEDIUM |
| main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses. | |||||
| CVE-2016-7098 | 1 Gnu | 1 Wget | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. | |||||
| CVE-2014-1441 | 1 Coreftp | 1 Core Ftp | 2025-04-12 | 4.3 MEDIUM | N/A |
| Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated by pressing the enter key twice. | |||||
| CVE-2016-0858 | 1 Advantech | 1 Webaccess | 2025-04-12 | 9.3 HIGH | 8.1 HIGH |
| Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request. | |||||
| CVE-2016-6136 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 1.9 LOW | 4.7 MEDIUM |
| Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability. | |||||
| CVE-2015-8839 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | 1.9 LOW | 5.1 MEDIUM |
| Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. | |||||
| CVE-2014-3385 | 1 Cisco | 1 Asa | 2025-04-12 | 7.8 HIGH | N/A |
| Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers to cause a denial of service (device reload) via TCP traffic that triggers many half-open connections at the same time, aka Bug ID CSCum00556. | |||||
| CVE-2015-6761 | 2 Ffmpeg, Google | 2 Ffmpeg, Chrome | 2025-04-12 | 6.8 MEDIUM | N/A |
| The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. | |||||
| CVE-2014-5033 | 3 Canonical, Debian, Kde | 4 Ubuntu Linux, Kde4libs, Kauth and 1 more | 2025-04-12 | 6.9 MEDIUM | N/A |
| KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." | |||||
| CVE-2010-5313 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.9 MEDIUM | N/A |
| Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842. | |||||
| CVE-2016-4954 | 5 Ntp, Opensuse, Oracle and 2 more | 15 Ntp, Leap, Opensuse and 12 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. | |||||
| CVE-2014-8640 | 2 Mozilla, Opensuse | 3 Firefox, Seamonkey, Opensuse | 2025-04-12 | 5.0 MEDIUM | N/A |
| The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls. | |||||
| CVE-2015-3339 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-12 | 6.2 MEDIUM | N/A |
| Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. | |||||
| CVE-2015-3216 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2025-04-12 | 4.3 MEDIUM | N/A |
| Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field. | |||||
| CVE-2015-7814 | 1 Xen | 1 Xen | 2025-04-12 | 4.7 MEDIUM | N/A |
| Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. | |||||
| CVE-2016-3760 | 1 Google | 1 Android | 2025-04-12 | 5.4 MEDIUM | 7.5 HIGH |
| Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683. | |||||
| CVE-2015-0609 | 1 Cisco | 1 Ios | 2025-04-12 | 7.1 HIGH | N/A |
| Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752. | |||||