Search
Total
1179 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4765 | 1 Otrs | 1 Otrs | 2011-03-22 | 4.9 MEDIUM | N/A |
| Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets. | |||||
| CVE-2009-0142 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 1.9 LOW | N/A |
| Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic." | |||||
| CVE-2008-4229 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2011-03-08 | 3.7 LOW | N/A |
| Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. | |||||
| CVE-2007-4696 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 4.3 MEDIUM | N/A |
| Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. | |||||
| CVE-2006-4801 | 1 Roxio | 1 Toast | 2011-03-08 | 6.2 MEDIUM | N/A |
| Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges. | |||||
| CVE-2010-3495 | 1 Zope | 1 Zodb | 2011-01-22 | 4.3 MEDIUM | N/A |
| Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. | |||||
| CVE-2010-2792 | 2 Mozilla, Redhat | 2 Firefox, Spice-xpi | 2011-01-11 | 3.3 LOW | N/A |
| Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket. | |||||
| CVE-2009-1707 | 1 Apple | 1 Safari | 2010-12-10 | 1.2 LOW | N/A |
| Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. | |||||
| CVE-2010-4012 | 1 Apple | 1 Iphone Os | 2010-12-09 | 6.2 MEDIUM | N/A |
| Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button. | |||||
| CVE-2009-5011 | 1 G.rodola | 1 Pyftpdlib | 2010-10-20 | 4.3 MEDIUM | N/A |
| Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494. | |||||
| CVE-2009-5010 | 1 G.rodola | 1 Pyftpdlib | 2010-10-20 | 4.3 MEDIUM | N/A |
| Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494. | |||||
| CVE-2010-3494 | 1 G.rodola | 1 Pyftpdlib | 2010-10-20 | 4.3 MEDIUM | N/A |
| Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. | |||||
| CVE-2010-2961 | 1 Scott James Remnant | 1 Mountall | 2010-09-15 | 6.9 MEDIUM | N/A |
| mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file. | |||||
| CVE-2009-4440 | 1 Sun | 1 Java System Directory Server | 2010-06-13 | 6.8 MEDIUM | N/A |
| Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593. | |||||
| CVE-2010-1161 | 1 Gnu | 1 Nano | 2010-06-07 | 3.7 LOW | N/A |
| Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. | |||||
| CVE-2010-0732 | 2 Gnome, Gtk | 2 Screensaver, Gtk\+ | 2010-06-05 | 6.2 MEDIUM | N/A |
| gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. | |||||
| CVE-2009-2314 | 1 Sun | 2 Lightweight Availability Collection Tool, Solaris | 2010-05-29 | 2.1 LOW | N/A |
| Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors. | |||||
| CVE-2010-1151 | 1 Apache | 1 Apache Http Server | 2010-05-27 | 6.8 MEDIUM | N/A |
| Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials. | |||||
| CVE-2010-0923 | 1 Kde | 1 Kde Sc | 2010-03-04 | 6.9 MEDIUM | N/A |
| Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes. | |||||
| CVE-2005-4883 | 1 Philippe Jounin | 1 Tftpd32 | 2009-11-23 | 4.3 MEDIUM | N/A |
| Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid "connect frames." | |||||
| CVE-2009-2836 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 6.2 MEDIUM | N/A |
| Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors. | |||||
| CVE-2009-3527 | 1 Freebsd | 1 Freebsd | 2009-10-07 | 6.9 MEDIUM | N/A |
| Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption. | |||||
| CVE-2008-6819 | 1 Microsoft | 2 Windows 2003 Server, Windows Vista | 2009-06-29 | 4.7 MEDIUM | N/A |
| win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0875 | 1 Sun | 2 Opensolaris, Solaris | 2009-04-02 | 6.9 MEDIUM | N/A |
| Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server. | |||||
| CVE-2008-5162 | 1 Freebsd | 1 Freebsd | 2008-12-03 | 6.9 MEDIUM | N/A |
| The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator. | |||||
| CVE-2007-2654 | 2 Suse, Xfsdump | 8 Opensuse, Suse Linux, Suse Linux Openexchange Server and 5 more | 2008-11-13 | 4.4 MEDIUM | N/A |
| xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems. | |||||
| CVE-2007-0997 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 6.9 MEDIUM | N/A |
| Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers. | |||||
| CVE-2002-2374 | 1 Sun | 1 Patchpro | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." | |||||
| CVE-2003-1562 | 1 Openbsd | 1 Openssh | 2008-09-05 | 7.6 HIGH | N/A |
| sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190. | |||||