Vulnerabilities > Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

DATE CVE VULNERABILITY TITLE RISK
2017-07-25 CVE-2015-7543 Race Condition vulnerability in multiple products
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.
4.4
2017-07-17 CVE-2017-11353 Race Condition vulnerability in Yadm Project Yadm 1.10.0
yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys.
4.3
2017-07-17 CVE-2016-4984 Race Condition vulnerability in Openldap Openldap-Servers
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
1.9
2017-07-17 CVE-2016-4982 Race Condition vulnerability in Teether Authd
authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.
1.9
2017-07-17 CVE-2016-0764 Race Condition vulnerability in Redhat Networkmanager
Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.
local
low complexity
redhat CWE-362
2.1
2017-07-07 CVE-2014-7953 Race Condition vulnerability in Google Android 4.4.4
Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000.
local
high complexity
google CWE-362
7.0
2017-07-05 CVE-2017-10915 Race Condition vulnerability in XEN
The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.
network
xen CWE-362
6.8
2017-07-05 CVE-2017-10914 Race Condition vulnerability in XEN
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
network
xen CWE-362
6.8
2017-06-13 CVE-2017-8242 Race Condition vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write.
network
google CWE-362
4.3
2017-06-13 CVE-2017-7368 Race Condition vulnerability in Google Android
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.
network
high complexity
google CWE-362
7.6