Total
1700 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24951 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2023-02-16 | N/A | 7.0 HIGH |
| A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future. | |||||
| CVE-2022-24950 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2023-02-16 | N/A | 7.5 HIGH |
| A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId(). | |||||
| CVE-2022-39328 | 1 Grafana | 1 Grafana | 2023-02-16 | N/A | 8.1 HIGH |
| Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds. | |||||
| CVE-2013-4288 | 4 Canonical, Opensuse, Polkit Project and 1 more | 4 Ubuntu Linux, Opensuse, Polkit and 1 more | 2023-02-13 | 7.2 HIGH | N/A |
| Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. | |||||
| CVE-2013-3302 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.4 MEDIUM | N/A |
| Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event. | |||||
| CVE-2013-1792 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.7 MEDIUM | N/A |
| Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. | |||||
| CVE-2012-5660 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2023-02-13 | 6.9 MEDIUM | N/A |
| abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes." | |||||
| CVE-2012-4508 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 1.9 LOW | N/A |
| Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. | |||||
| CVE-2012-3500 | 2 Devscripts Devel Team, Fedora | 2 Devscripts, Rpmdevtools | 2023-02-13 | 1.2 LOW | N/A |
| scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file. | |||||
| CVE-2012-3386 | 1 Gnu | 1 Automake | 2023-02-13 | 4.4 MEDIUM | N/A |
| The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-1768 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 5.4 MEDIUM | N/A |
| The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading. | |||||
| CVE-2011-1098 | 1 Gentoo | 1 Logrotate | 2023-02-13 | 1.9 LOW | N/A |
| Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. | |||||
| CVE-2010-4248 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.9 MEDIUM | N/A |
| Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c. | |||||
| CVE-2010-4526 | 3 Linux, Redhat, Vmware | 3 Linux Kernel, Enterprise Mrg, Esx | 2023-02-13 | 7.1 HIGH | N/A |
| Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. | |||||
| CVE-2010-3864 | 1 Openssl | 1 Openssl | 2023-02-13 | 7.6 HIGH | N/A |
| Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. | |||||
| CVE-2009-4027 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 7.1 HIGH | N/A |
| Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session. | |||||
| CVE-2008-4307 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.0 MEDIUM | N/A |
| Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case. | |||||
| CVE-2006-0039 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.7 MEDIUM | N/A |
| Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE. | |||||
| CVE-2011-2183 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 4.0 MEDIUM | N/A |
| Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application. | |||||
| CVE-2009-1894 | 1 Pulseaudio | 1 Pulseaudio | 2023-02-13 | 7.2 HIGH | N/A |
| Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink. | |||||