CVE-2024-36621

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...

CVE-2024-38407 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver...

SUSE-SU-2024:2790-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 115.13 MFSA 2024-31, bsc1226316: Security fixes: - CVE-2024-6600: Memory corruption in WebGL API bmo1888340 - CVE-2024-6601: Race condition in permission assignment bmo1890748 - CVE-2024-6602: Memory...

CVE-2023-21055

In dithalioctl of dit.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244301523References:...

CVE-2020-12050

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library...

CVE-2020-0008

In LowEnergyClient::MtuChangedCallback of lowenergyclient.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

WebKitGTK+ - 'ThreadedCompositor' Race Condition

@keyframes foo 0% opacity: 0; 100% opacity: 1; div animation-name: foo; animation-duration: 1s; animation-iteration-count: infinite; filter: saturate50%; frame = document.createElement"iframe"; setInterval = frame.remove; document.body.appendChildframe; doc = frame.contentDocument;...

Keybase: Privilege Escalation through Keybase Installer via Helper

Keybase.app is bundled with the components installer named KeybaseInstaller.app. When --install-app-bundle --source-path --app-path is given to installer, KBAppBundle.m checks if is properly codesigned, then copies it to . First, there's two vulnerabilities in the source path validation: the chec...

MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution

This module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type confusion...

CVE-2013-1445

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator PRNG before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a...

CentOS Update for ruby CESA-2011:0909 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

RedHat Update for python RHSA-2011:0492-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2009-1894

Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LDBINDNOW to 1, and then calling execv on the target of the /proc/self/exe symlink...

RedHat Security Advisory RHSA-2009:0373

The remote host is missing updates announced in advisory RHSA-2009:0373. SystemTap is an instrumentation infrastructure for systems running version 2.6 of the Linux kernel. SystemTap scripts can collect system operations data, greatly simplifying information gathering. Collected data can then...

Ubuntu 5.04 : ekg vulnerabilities (USN-162-1)

Marcin Owsiany and Wojtek Kaniewski discovered that some contributed scripts contrib/ekgh, contrib/ekgnv.sh, and contrib/getekg.sh in the ekg package created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the...