Vulnerabilities > Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-07-20 | CVE-2015-2418 | Race Condition vulnerability in Microsoft Malicious Software Removal Tool Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka "MSRT Race Condition Vulnerability." | 6.9 |
| 2015-07-07 | CVE-2015-3216 | Race Condition vulnerability in multiple products Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field. | 4.3 |
| 2015-07-03 | CVE-2015-3709 | Race Condition vulnerability in Apple mac OS X Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. | 6.9 |
| 2015-06-27 | CVE-2015-4199 | Race Condition vulnerability in Cisco IOS 15.3S Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent connectivity with many IPv6 CPE devices, aka Bug ID CSCug47366. | 7.1 |
| 2015-06-23 | CVE-2015-4203 | Race Condition vulnerability in Cisco IOS 12.2(33)Sch/12.2Sch Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396. | 5.4 |
| 2015-05-14 | CVE-2015-2715 | Race Condition vulnerability in multiple products Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown. | 6.8 |
| 2015-05-13 | CVE-2015-3081 | Race Condition vulnerability in Adobe products Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to bypass the Internet Explorer Protected Mode protection mechanism via unspecified vectors. | 4.3 |
| 2015-05-12 | CVE-2015-2234 | Race Condition vulnerability in Lenovo System Update 5.06.0027 Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. | 6.9 |
| 2015-04-27 | CVE-2015-1882 | Race Condition vulnerability in IBM Websphere Application Server Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user. | 8.5 |
| 2015-04-27 | CVE-2015-2706 | Race Condition vulnerability in Mozilla Firefox Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization. | 6.8 |