CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-362

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2017-5427 362 2018-06-11 2018-08-07
1.9
None Local Medium Not required None Partial None
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.
452 CVE-2017-5068 362 2017-10-27 2021-09-08
5.1
None Remote High Not required Partial Partial Partial
Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.
453 CVE-2017-5061 362 2017-10-27 2021-09-08
2.6
None Remote High Not required None Partial None
A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
454 CVE-2017-5035 362 2017-04-24 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.
455 CVE-2017-3158 362 2018-01-18 2018-02-05
6.8
None Remote Medium Not required Partial Partial Partial
A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.
456 CVE-2017-2898 362 Exec Code 2017-11-07 2017-11-28
8.5
None Remote Medium ??? Complete Complete Complete
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability.
457 CVE-2017-2636 362 DoS +Priv 2017-03-07 2018-01-05
7.2
None Local Low Not required Complete Complete Complete
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
458 CVE-2017-2619 362 2018-03-12 2019-10-09
6.0
None Remote Medium ??? Partial Partial Partial
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
459 CVE-2017-2616 362 2018-07-27 2019-10-09
4.7
None Local Medium Not required None None Complete
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
460 CVE-2017-2533 362 Exec Code 2017-05-22 2017-10-25
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
461 CVE-2017-2501 362 Exec Code 2017-05-22 2019-03-21
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
462 CVE-2017-2478 362 Exec Code 2017-04-02 2019-03-08
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
463 CVE-2017-2456 362 Exec Code 2017-04-02 2019-03-08
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
464 CVE-2017-2421 362 Exec Code 2017-04-02 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleGraphicsPowerManagement" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
465 CVE-2017-0794 362 2017-09-08 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.
466 CVE-2017-0727 362 2017-08-09 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.
467 CVE-2017-0462 362 Exec Code 2017-04-07 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.
468 CVE-2017-0343 362 DoS 2017-05-09 2017-05-17
6.9
None Local Medium Not required Complete Complete Complete
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges.
469 CVE-2017-0161 362 Exec Code 2017-09-13 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability".
470 CVE-2016-1000236 362 2019-11-19 2019-11-21
3.5
None Remote Medium ??? Partial None None
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
471 CVE-2016-11030 362 Overflow 2020-04-07 2020-04-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016).
472 CVE-2016-10906 362 2019-08-19 2019-10-15
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.
473 CVE-2016-10798 362 2019-08-07 2019-08-13
4.9
None Remote Medium ??? Partial Partial None
cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134).
474 CVE-2016-10741 362 DoS 2019-02-01 2019-04-18
4.7
None Local Medium Not required None None Complete
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.
475 CVE-2016-10538 362 2018-05-31 2019-10-09
4.9
None Remote Medium ??? None Partial Partial
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
476 CVE-2016-10439 362 2018-04-18 2018-05-01
9.3
None Remote Medium Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, there is a TOCTOU vulnerability in the input validation for bulletin_board_read syscall. A pointer dereference is being validated without promising the pointer hasn't been changed by the HLOS program.
477 CVE-2016-10435 362 2018-04-18 2018-05-01
9.3
None Remote Medium Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, in some QTEE syscall handlers, a TOCTOU vulnerability exists.
478 CVE-2016-10432 362 2018-04-18 2018-05-01
9.3
None Remote Medium Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, TOCTOU vulnerabilities may occur while sanitizing userspace values passed to tQSEE system call.
479 CVE-2016-10417 362 2018-04-18 2018-05-01
9.3
None Remote Medium Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SDX20, in QTEE, a TOCTOU vulnerability exists due to improper access control.
480 CVE-2016-10409 362 2018-04-18 2018-05-01
9.3
None Remote Medium Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, TOCTOU vulnerability may occur while composing the RPMB request using HLOS controlled buffers.
481 CVE-2016-10383 362 2017-08-18 2017-08-23
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI.
482 CVE-2016-10297 362 2017-06-06 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.
483 CVE-2016-10242 362 2017-05-16 2017-07-11
7.6
None Remote High Not required Complete Complete Complete
A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.
484 CVE-2016-10027 362 Bypass 2017-01-12 2021-02-23
4.3
None Remote Medium Not required Partial None None
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
485 CVE-2016-9962 362 2017-01-31 2018-10-09
4.4
None Local Medium Not required Partial Partial Partial
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.
486 CVE-2016-9806 362 DoS 2016-12-28 2018-01-05
7.2
None Local Low Not required Complete Complete Complete
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.
487 CVE-2016-9794 362 DoS 2016-12-28 2018-01-05
7.2
None Local Low Not required Complete Complete Complete
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.
488 CVE-2016-9381 362 +Priv 2017-01-23 2020-10-23
6.9
None Local Medium Not required Complete Complete Complete
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
489 CVE-2016-9256 362 2017-05-09 2017-05-16
6.0
None Remote Medium ??? Partial Partial Partial
In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.
490 CVE-2016-9077 362 2018-06-11 2018-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.
491 CVE-2016-9038 362 Mem. Corr. 2018-04-24 2018-06-13
4.4
None Local Medium Not required Partial Partial Partial
An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability.
492 CVE-2016-8655 362 DoS +Priv 2016-12-08 2018-05-25
7.2
None Local Low Not required Complete Complete Complete
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
493 CVE-2016-7916 362 +Info 2016-11-16 2017-01-18
4.7
None Local Medium Not required Complete None None
Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.
494 CVE-2016-7911 362 DoS +Priv 2016-11-16 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
495 CVE-2016-7777 362 2016-10-07 2017-07-01
3.3
None Local Medium Not required Partial Partial None
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.
496 CVE-2016-7098 362 Bypass 2016-09-26 2017-09-03
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
497 CVE-2016-6663 362 +Priv 2016-12-13 2019-03-05
4.4
None Local Medium Not required Partial Partial Partial
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
498 CVE-2016-6480 362 DoS 2016-08-06 2018-01-05
4.7
None Local Medium Not required None None Complete
Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.
499 CVE-2016-6156 362 DoS 2016-08-06 2016-11-28
1.9
None Local Medium Not required None None Partial
Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.
500 CVE-2016-6136 362 Bypass 2016-08-06 2018-01-05
1.9
None Local Medium Not required None Partial None
Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.
Total number of vulnerabilities : 895   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12 13 14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.