CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-362

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-2547 362 DoS 2016-04-27 2016-04-28
4.7
None Local Medium Not required None None Complete
sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
2 CVE-2016-2546 362 DoS 2016-04-27 2016-04-28
4.7
None Local Medium Not required None None Complete
sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
3 CVE-2016-2545 362 DoS 2016-04-27 2016-04-28
4.7
None Local Medium Not required None None Complete
The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.
4 CVE-2016-2544 362 DoS 2016-04-27 2016-04-28
4.7
None Local Medium Not required None None Complete
Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.
5 CVE-2016-1975 362 DoS Mem. Corr. 2016-03-13 2016-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
6 CVE-2016-1757 362 Exec Code 2016-03-23 2016-03-25
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
7 CVE-2016-1267 362 2016-04-15 2016-04-20
4.4
None Local Medium Not required Partial Partial Partial
Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R3-S4, 15.1 before 15.1F2, or 15.1R2, 15.1X49 before 15.1X49-D20, and 16.1 before 16.1R1 allows local users to read, delete, or modify arbitrary files via unspecified vectors.
8 CVE-2016-0848 362 Bypass 2016-04-17 2016-04-20
7.2
None Local Low Not required Complete Complete Complete
Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054.
9 CVE-2016-0723 362 DoS +Info 2016-02-07 2016-03-01
5.6
None Local Low Not required Partial None Complete
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
10 CVE-2015-8767 362 DoS 2016-02-07 2016-02-25
5.0
None Remote Low Not required None None Partial
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
11 CVE-2015-8511 362 Bypass 2016-01-08 2016-01-14
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
12 CVE-2015-8461 362 DoS 2015-12-16 2015-12-17
7.1
None Remote Medium Not required None None Complete
Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.
13 CVE-2015-7990 362 DoS 2015-12-28 2015-12-28
5.9
None Local Medium Not required Partial Partial Complete
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.
14 CVE-2015-7820 362 Dir. Trav. 2015-11-11 2015-11-12
7.1
None Remote Medium Not required Complete None None
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.
15 CVE-2015-7817 362 Dir. Trav. 2015-11-11 2015-11-12
7.1
None Remote Medium Not required Complete None None
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443.
16 CVE-2015-7550 362 DoS 2016-02-07 2016-03-01
4.9
None Local Low Not required None None Complete
The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls.
17 CVE-2015-7312 362 DoS +Priv 2015-11-16 2015-11-16
4.4
None Local Medium Not required Partial Partial Partial
Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.
18 CVE-2015-6789 362 DoS 2015-12-14 2015-12-14
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.
19 CVE-2015-6761 362 DoS Mem. Corr. 2015-10-15 2015-10-15
6.8
None Remote Medium Not required Partial Partial Partial
The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file.
20 CVE-2015-6126 362 DoS +Priv 2015-12-09 2015-12-09
7.2
None Local Low Not required Complete Complete Complete
Race condition in the Pragmatic General Multicast (PGM) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application, aka "Windows PGM UAF Elevation of Privilege Vulnerability."
21 CVE-2015-5754 362 Exec Code 2015-08-16 2015-08-19
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error.
22 CVE-2015-5240 362 Bypass 2015-10-27 2015-10-28
3.5
None Remote Medium Single system None Partial None
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.
23 CVE-2015-5189 362 +Priv 2015-09-03 2015-09-04
4.9
None Remote Medium Single system Partial Partial None
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.
24 CVE-2015-4510 362 DoS Exec Code 2015-09-24 2015-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation.
25 CVE-2015-4481 362 +Priv 2015-08-15 2015-08-26
3.3
None Local Medium Not required None Partial Partial
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.
26 CVE-2015-4203 362 DoS 2015-06-23 2015-06-23
5.4
None Remote High Not required None None Complete
Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.
27 CVE-2015-4199 362 DoS 2015-06-27 2015-06-29
7.1
None Remote Medium Not required None None Complete
Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent connectivity with many IPv6 CPE devices, aka Bug ID CSCug47366.
28 CVE-2015-3709 362 Bypass 2015-07-02 2015-07-07
6.9
None Local Medium Not required Complete Complete Complete
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation.
29 CVE-2015-3339 362 +Priv 2015-05-27 2015-06-30
6.2
None Local High Not required Complete Complete Complete
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.
30 CVE-2015-3216 362 DoS 2015-07-07 2015-07-09
4.3
None Remote Medium Not required None None Partial
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.
31 CVE-2015-3212 362 DoS 2015-08-31 2015-08-31
4.9
None Local Low Not required None None Complete
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.
32 CVE-2015-3196 362 DoS 2015-12-06 2016-04-21
4.3
None Remote Medium Not required None None Partial
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
33 CVE-2015-3081 362 Bypass 2015-05-13 2015-05-26
4.3
None Remote Medium Not required None Partial None
Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to bypass the Internet Explorer Protected Mode protection mechanism via unspecified vectors.
34 CVE-2015-2715 362 DoS Exec Code Mem. Corr. 2015-05-14 2015-07-27
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown.
35 CVE-2015-2706 362 DoS Exec Code 2015-04-27 2015-05-11
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization.
36 CVE-2015-2418 362 +Priv 2015-07-20 2015-07-22
6.9
None Local Medium Not required Complete Complete Complete
Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka "MSRT Race Condition Vulnerability."
37 CVE-2015-2234 362 +Priv 2015-05-12 2015-05-14
6.9
None Local Medium Not required Complete Complete Complete
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
38 CVE-2015-1882 362 Exec Code +Priv 2015-04-27 2015-11-30
8.5
None Remote Medium Single system Complete Complete Complete
Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user.
39 CVE-2015-1791 362 DoS 2015-06-12 2016-04-06
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
40 CVE-2015-1420 362 Bypass 2015-03-16 2015-11-24
1.9
None Local Medium Not required Partial None None
Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.
41 CVE-2015-1234 362 DoS Overflow 2015-04-01 2015-04-13
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands.
42 CVE-2015-1200 362 Bypass 2015-01-23 2015-01-26
2.1
None Local Low Not required None Partial None
Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions.
43 CVE-2015-1099 362 DoS 2015-04-10 2015-09-30
4.0
None Local High Not required None None Complete
Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.
44 CVE-2015-0654 362 DoS 2015-03-12 2015-09-11
7.1
None Remote Medium Not required None None Complete
Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652.
45 CVE-2015-0632 362 DoS 2015-02-26 2015-11-02
5.7
None Local Network Medium Not required None None Complete
Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.
46 CVE-2015-0631 362 DoS 2015-02-21 2015-03-04
7.1
None Remote Medium Not required None None Complete
Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID CSCui25688.
47 CVE-2015-0610 362 Bypass 2015-02-11 2015-10-30
4.3
None Remote Medium Not required Partial None None
Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071.
48 CVE-2015-0609 362 DoS 2015-02-15 2015-10-23
7.1
None Remote Medium Not required None None Complete
Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752.
49 CVE-2015-0608 362 DoS 2015-02-11 2015-10-23
7.1
None Remote Medium Not required None None Complete
Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736.
50 CVE-2015-0245 362 DoS 2015-02-13 2015-04-14
1.9
None Local Medium Not required None None Partial
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
Total number of vulnerabilities : 357   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.