Vulnerabilities (CVE)

Filtered by CWE-362
Total 1553 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4027 1 Linux 1 Linux Kernel 2024-11-21 7.1 HIGH N/A
Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session.
CVE-2009-4011 1 Dtc-xen Project 1 Dtc-xen 2024-11-21 6.8 MEDIUM 8.1 HIGH
dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console.
CVE-2009-3547 8 Canonical, Fedoraproject, Linux and 5 more 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more 2024-11-21 6.9 MEDIUM 7.0 HIGH
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
CVE-2009-3527 1 Freebsd 1 Freebsd 2024-11-21 6.9 MEDIUM N/A
Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption.
CVE-2009-3447 1 Radactive 1 I-load 2024-11-21 6.8 MEDIUM N/A
Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window.
CVE-2009-3110 1 Symantec 1 Altiris Deployment Solution 2024-11-21 5.8 MEDIUM N/A
Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.
CVE-2009-2836 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 6.2 MEDIUM N/A
Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.
CVE-2009-2794 1 Apple 1 Iphone Os 2024-11-21 4.6 MEDIUM N/A
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.
CVE-2009-2724 1 Sun 1 Java Se 2024-11-21 9.3 HIGH N/A
Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks."
CVE-2009-2644 1 Sun 2 Opensolaris, Solaris 2024-11-21 4.9 MEDIUM N/A
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."
CVE-2009-2314 1 Sun 2 Lightweight Availability Collection Tool, Solaris 2024-11-21 2.1 LOW N/A
Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors.
CVE-2009-2135 1 Sun 2 Opensolaris, Solaris 2024-11-21 4.9 MEDIUM N/A
Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions.
CVE-2009-1894 1 Pulseaudio 1 Pulseaudio 2024-11-21 7.2 HIGH N/A
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
CVE-2009-1837 4 Debian, Fedoraproject, Mozilla and 1 more 9 Debian Linux, Fedora, Firefox and 6 more 2024-11-21 9.3 HIGH 7.5 HIGH
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
CVE-2009-1786 1 Ibm 1 Aix 2024-11-21 6.9 MEDIUM N/A
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
CVE-2009-1707 1 Apple 1 Safari 2024-11-21 1.2 LOW N/A
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
CVE-2009-1527 1 Linux 1 Linux Kernel 2024-11-21 6.9 MEDIUM N/A
Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object.
CVE-2009-1238 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 7.2 HIGH N/A
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable.
CVE-2009-1215 1 Gnu 1 Gnu Screen 2024-11-21 1.9 LOW N/A
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
CVE-2009-1207 1 Sun 2 Opensolaris, Solaris 2024-11-21 4.4 MEDIUM N/A
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.