Total
1553 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4027 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | N/A |
Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session. | |||||
CVE-2009-4011 | 1 Dtc-xen Project | 1 Dtc-xen | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console. | |||||
CVE-2009-3547 | 8 Canonical, Fedoraproject, Linux and 5 more | 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. | |||||
CVE-2009-3527 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 6.9 MEDIUM | N/A |
Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption. | |||||
CVE-2009-3447 | 1 Radactive | 1 I-load | 2024-11-21 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window. | |||||
CVE-2009-3110 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | 5.8 MEDIUM | N/A |
Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does. | |||||
CVE-2009-2836 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 6.2 MEDIUM | N/A |
Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors. | |||||
CVE-2009-2794 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.6 MEDIUM | N/A |
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value. | |||||
CVE-2009-2724 | 1 Sun | 1 Java Se | 2024-11-21 | 9.3 HIGH | N/A |
Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks." | |||||
CVE-2009-2644 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 4.9 MEDIUM | N/A |
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds." | |||||
CVE-2009-2314 | 1 Sun | 2 Lightweight Availability Collection Tool, Solaris | 2024-11-21 | 2.1 LOW | N/A |
Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors. | |||||
CVE-2009-2135 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 4.9 MEDIUM | N/A |
Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions. | |||||
CVE-2009-1894 | 1 Pulseaudio | 1 Pulseaudio | 2024-11-21 | 7.2 HIGH | N/A |
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink. | |||||
CVE-2009-1837 | 4 Debian, Fedoraproject, Mozilla and 1 more | 9 Debian Linux, Fedora, Firefox and 6 more | 2024-11-21 | 9.3 HIGH | 7.5 HIGH |
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. | |||||
CVE-2009-1786 | 1 Ibm | 1 Aix | 2024-11-21 | 6.9 MEDIUM | N/A |
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable. | |||||
CVE-2009-1707 | 1 Apple | 1 Safari | 2024-11-21 | 1.2 LOW | N/A |
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. | |||||
CVE-2009-1527 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.9 MEDIUM | N/A |
Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object. | |||||
CVE-2009-1238 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 7.2 HIGH | N/A |
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable. | |||||
CVE-2009-1215 | 1 Gnu | 1 Gnu Screen | 2024-11-21 | 1.9 LOW | N/A |
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. | |||||
CVE-2009-1207 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 4.4 MEDIUM | N/A |
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files. |