Vulnerabilities > Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

DATE CVE VULNERABILITY TITLE RISK
2017-09-15 CVE-2017-14483 Race Condition vulnerability in Gentoo Dev-Python-Flower
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
local
low complexity
gentoo CWE-362
5.5
2017-09-14 CVE-2015-7553 Race Condition vulnerability in Redhat Enterprise Linux, Enterprise MRG and Kernel-Rt
Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.
local
high complexity
redhat CWE-362
4.7
2017-09-13 CVE-2017-0161 Race Condition vulnerability in Microsoft products
The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability".
network
high complexity
microsoft CWE-362
8.1
2017-09-12 CVE-2017-14317 Race Condition vulnerability in XEN
A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x.
local
high complexity
xen CWE-362
5.6
2017-09-08 CVE-2017-0794 Race Condition vulnerability in Google Android
A elevation of privilege vulnerability in the Upstream kernel scsi driver.
local
low complexity
google CWE-362
7.8
2017-09-08 CVE-2017-12146 Race Condition vulnerability in Linux Kernel
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.
local
high complexity
linux CWE-362
7.0
2017-09-06 CVE-2015-5948 Race Condition vulnerability in Salesagility Suitecrm
Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.
network
high complexity
salesagility CWE-362
8.1
2017-09-06 CVE-2015-5947 Race Condition vulnerability in Salesagility Suitecrm
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.
network
high complexity
salesagility CWE-362
8.1
2017-08-25 CVE-2015-1325 Race Condition vulnerability in Canonical Ubuntu Linux
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges.
local
high complexity
canonical CWE-362
7.0
2017-08-24 CVE-2017-12136 Race Condition vulnerability in multiple products
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
local
high complexity
xen citrix debian CWE-362
7.8