Total
1417 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6180 | 1 Sun | 1 Solaris | 2023-12-10 | 7.6 HIGH | N/A |
Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors. | |||||
CVE-2007-5154 | 1 Aimluck | 2 Aipo, Aipo Asp | 2023-12-10 | 5.8 MEDIUM | N/A |
Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2007-0997 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 6.9 MEDIUM | N/A |
Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers. | |||||
CVE-2006-0039 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.7 MEDIUM | N/A |
Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE. | |||||
CVE-2005-3240 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 5.1 MEDIUM | N/A |
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. | |||||
CVE-2006-1057 | 1 Gnome | 1 Gdm | 2023-12-10 | 3.7 LOW | N/A |
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. | |||||
CVE-2004-2698 | 1 Imwheel | 1 Imwheel | 2023-12-10 | 6.9 MEDIUM | N/A |
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file. | |||||
CVE-2004-2697 | 1 Ibm | 1 Aix | 2023-12-10 | 6.9 MEDIUM | N/A |
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002. | |||||
CVE-2004-2659 | 2 Mozilla, Opera | 2 Mozilla, Opera Browser | 2023-12-10 | 4.0 MEDIUM | N/A |
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407. | |||||
CVE-2006-2094 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 5.1 MEDIUM | N/A |
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. | |||||
CVE-2004-2491 | 1 Opera | 1 Opera Browser | 2023-12-10 | 2.6 LOW | N/A |
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks. | |||||
CVE-2003-1438 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user. | |||||
CVE-1999-0861 | 1 Microsoft | 4 Commercial Internet System, Internet Information Server, Site Server and 1 more | 2023-12-10 | 2.6 LOW | N/A |
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. | |||||
CVE-2003-1562 | 1 Openbsd | 1 Openssh | 2023-12-10 | 7.6 HIGH | N/A |
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190. | |||||
CVE-2000-0864 | 1 Gnome | 1 Esound | 2023-12-10 | 6.2 MEDIUM | N/A |
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack. | |||||
CVE-2002-2244 | 1 Akfingerd | 1 Akfingerd | 2023-12-10 | 2.1 LOW | N/A |
Akfingerd 0.5 and earlier versions allow local users to cause a denial of service (crash) via a .plan with a symlink to /dev/urandom or other device, then disconnecting while data is being transferred, which causes a SIGPIPE error that Akfingerd cannot handle. | |||||
CVE-2002-2374 | 1 Sun | 1 Patchpro | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." |