Vulnerabilities > Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

DATE CVE VULNERABILITY TITLE RISK
2017-10-18 CVE-2017-15588 Race Condition vulnerability in XEN 4.9.0
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
local
xen CWE-362
6.9
2017-10-13 CVE-2017-11823 Race Condition vulnerability in Microsoft Windows 10 and Windows Server 2016
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".
local
low complexity
microsoft CWE-362
7.2
2017-10-10 CVE-2017-9697 Race Condition vulnerability in Google Android 8.0
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table.
local
google CWE-362
4.4
2017-10-10 CVE-2015-8239 Race Condition vulnerability in Sudo Project Sudo
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
6.9
2017-10-10 CVE-2017-15038 Race Condition vulnerability in Qemu
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
local
qemu CWE-362
1.9
2017-10-05 CVE-2017-15037 Race Condition vulnerability in Freebsd
In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.
network
freebsd CWE-362
6.8
2017-10-05 CVE-2017-1000112 Race Condition vulnerability in Linux Kernel
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch.
local
high complexity
linux CWE-362
7.0
2017-10-02 CVE-2017-14955 Race Condition vulnerability in Checkmk
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
network
high complexity
checkmk CWE-362
5.9
2017-09-26 CVE-2017-14748 Race Condition vulnerability in Blizzard Overwatch 1.15.0.2
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match.
network
blizzard CWE-362
3.5
2017-09-25 CVE-2017-1346 Race Condition vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan.
local
ibm CWE-362
1.9