Total
1893 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6819 | 1 Microsoft | 2 Windows 2003 Server, Windows Vista | 2025-04-09 | 4.7 MEDIUM | N/A |
| win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5182 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 6.9 MEDIUM | N/A |
| The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. | |||||
| CVE-2008-2365 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 4.7 MEDIUM | N/A |
| Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x. | |||||
| CVE-2009-1527 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 6.9 MEDIUM | N/A |
| Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object. | |||||
| CVE-2008-4392 | 1 D.j.bernstein | 1 Djbdns | 2025-04-09 | 6.4 MEDIUM | N/A |
| dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query. | |||||
| CVE-2007-2654 | 2 Suse, Xfsdump | 8 Opensuse, Suse Linux, Suse Linux Openexchange Server and 5 more | 2025-04-09 | 4.4 MEDIUM | N/A |
| xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems. | |||||
| CVE-2008-0379 | 1 Businessobjects | 1 Crystal Reports Xi | 2025-04-09 | 9.3 HIGH | N/A |
| Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. | |||||
| CVE-2009-1837 | 4 Debian, Fedoraproject, Mozilla and 1 more | 9 Debian Linux, Fedora, Firefox and 6 more | 2025-04-09 | 9.3 HIGH | 7.5 HIGH |
| Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. | |||||
| CVE-2008-2958 | 1 Checkinstall | 1 Checkinstall | 2025-04-09 | 4.4 MEDIUM | N/A |
| Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories. | |||||
| CVE-2007-5794 | 1 Nss Ldap | 1 Nss Ldap | 2025-04-09 | 4.3 MEDIUM | N/A |
| Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected. | |||||
| CVE-2007-1249 | 1 Contelligent | 1 C1 Financial Services | 2025-04-09 | 6.8 MEDIUM | N/A |
| MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components. | |||||
| CVE-2008-2311 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.6 HIGH | N/A |
| Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. | |||||
| CVE-2009-2836 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.2 MEDIUM | N/A |
| Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors. | |||||
| CVE-2005-4883 | 1 Philippe Jounin | 1 Tftpd32 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid "connect frames." | |||||
| CVE-2007-0997 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 6.9 MEDIUM | N/A |
| Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers. | |||||
| CVE-2008-0055 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. | |||||
| CVE-2009-0784 | 2 Debian, Systemtap | 2 Debian Linux, Systemtap | 2025-04-09 | 6.3 MEDIUM | N/A |
| Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors. | |||||
| CVE-2009-1707 | 1 Apple | 1 Safari | 2025-04-09 | 1.2 LOW | N/A |
| Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. | |||||
| CVE-2009-1894 | 1 Pulseaudio | 1 Pulseaudio | 2025-04-09 | 7.2 HIGH | N/A |
| Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink. | |||||
| CVE-2007-6077 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-09 | 6.8 MEDIUM | N/A |
| The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380. | |||||