Total
1495 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-0794 | 1 Google | 1 Android | 2019-10-03 | N/A |
| A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812. | ||||
| CVE-2017-8280 | 1 Google | 1 Android | 2019-10-03 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch. | ||||
| CVE-2018-4158 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2019-10-03 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
| CVE-2018-4157 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-03 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
| CVE-2017-9677 | 1 Google | 1 Android | 2019-10-03 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur. | ||||
| CVE-2018-4156 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-03 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
| CVE-2018-4155 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-03 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
| CVE-2017-16512 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2019-10-03 | N/A |
| The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available. | ||||
| CVE-2017-16001 | 1 Hashicorp | 1 Vagrant | 2019-10-03 | N/A |
| In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | ||||
| CVE-2017-15884 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2019-10-03 | N/A |
| In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | ||||
| CVE-2017-14483 | 1 Gentoo | 1 Dev-python-flower | 2019-10-03 | N/A |
| flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | ||||
| CVE-2017-14880 | 1 Google | 1 Android | 2019-10-03 | N/A |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "num_q6_rule" does not have a mutex lock and thus can be accessed and modified by multiple threads. | ||||
| CVE-2017-0727 | 1 Google | 1 Android | 2019-10-03 | N/A |
| A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354. | ||||
| CVE-2017-11823 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | N/A |
| The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass". | ||||
| CVE-2018-14329 | 1 Htslib | 1 Htslib | 2019-09-18 | 4.7 Medium |
| In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. | ||||
| CVE-2019-11546 | 1 Gitlab | 1 Gitlab | 2019-09-10 | 5.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge. | ||||
| CVE-2019-9271 | 1 Google | 1 Android | 2019-09-09 | 6.4 Medium |
| In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2018-15664 | 1 Docker | 1 Docker | 2019-09-01 | N/A |
| In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot). | ||||
| CVE-2019-2121 | 1 Google | 1 Android | 2019-08-22 | N/A |
| In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-131105245. | ||||
| CVE-2016-10798 | 1 Cpanel | 1 Cpanel | 2019-08-13 | N/A |
| cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134). | ||||