Vulnerabilities (CVE)

Filtered by CWE-362
Total 1836 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2836 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 6.2 MEDIUM N/A
Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.
CVE-2005-4883 1 Philippe Jounin 1 Tftpd32 2025-04-09 4.3 MEDIUM N/A
Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid "connect frames."
CVE-2007-0997 1 Linux 1 Linux Kernel 2025-04-09 6.9 MEDIUM N/A
Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers.
CVE-2008-0055 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 7.2 HIGH N/A
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.
CVE-2009-0784 2 Debian, Systemtap 2 Debian Linux, Systemtap 2025-04-09 6.3 MEDIUM N/A
Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.
CVE-2009-1707 1 Apple 1 Safari 2025-04-09 1.2 LOW N/A
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
CVE-2009-1894 1 Pulseaudio 1 Pulseaudio 2025-04-09 7.2 HIGH N/A
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
CVE-2007-6077 1 Rubyonrails 2 Rails, Ruby On Rails 2025-04-09 6.8 MEDIUM N/A
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.
CVE-2008-5009 1 Sun 2 Solstice X.25, Sunos 2025-04-09 4.0 MEDIUM N/A
Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.
CVE-2008-1375 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2025-04-09 6.9 MEDIUM N/A
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
CVE-2009-1215 1 Gnu 1 Gnu Screen 2025-04-09 1.9 LOW N/A
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
CVE-2007-6429 1 X.org 3 Evi, Mit-shm, Xserver 2025-04-09 9.3 HIGH N/A
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
CVE-2007-0099 1 Microsoft 2 Internet Explorer, Xml Core Services 2025-04-09 9.3 HIGH N/A
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."
CVE-2008-5044 1 Microsoft 2 Windows Server 2003, Windows Vista 2025-04-09 4.0 MEDIUM N/A
Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
CVE-2006-6275 1 Sun 2 Solaris, Sunos 2025-04-09 4.7 MEDIUM N/A
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.
CVE-2009-3447 1 Radactive 1 I-load 2025-04-09 6.8 MEDIUM N/A
Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window.
CVE-2007-3091 1 Microsoft 6 Internet Explorer, Windows 2000, Windows 2003 Server and 3 more 2025-04-09 7.1 HIGH N/A
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."
CVE-2007-3970 1 Eset 1 Nod32 Antivirus 2025-04-09 7.6 HIGH N/A
Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.
CVE-2008-0933 1 Sun 1 Solaris 2025-04-09 4.7 MEDIUM N/A
Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
CVE-2009-2724 1 Sun 1 Java Se 2025-04-09 9.3 HIGH N/A
Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks."