Total: 1495 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2007-1741 | 1 Apache | 1 Http Server | 2017-07-29 | N/A | Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." |
CVE-2007-1249 | 1 Contelligent | 1 C1 Financial Services | 2017-07-29 | N/A | MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components. |
CVE-2004-2698 | 1 Imwheel | 1 Imwheel | 2017-07-29 | N/A | Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file. |
CVE-2004-2697 | 1 Ibm | 1 Aix | 2017-07-29 | N/A | The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002. |
CVE-2003-1438 | 1 Bea | 1 Weblogic Server | 2017-07-29 | N/A | Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user. |
CVE-2002-2244 | 1 Akfingerd | 1 Akfingerd | 2017-07-29 | N/A | Akfingerd 0.5 and earlier versions allow local users to cause a denial of service (crash) via a .plan with a symlink to /dev/urandom or other device, then disconnecting while data is being transferred, which causes a SIGPIPE error that Akfingerd cannot handle. |
CVE-2017-11353 | 1 Yadm Project | 1 Yadm | 2017-07-25 | N/A | yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys. |
CVE-2017-2421 | 1 Apple | 1 Mac Os X | 2017-07-12 | N/A | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleGraphicsPowerManagement" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. |
CVE-2016-10242 | 1 Google | 1 Android | 2017-07-11 | N/A | A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel. |
CVE-2015-8997 | 1 Google | 1 Android | 2017-07-11 | N/A | In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel. |
CVE-2015-8996 | 1 Google | 1 Android | 2017-07-11 | N/A | In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. |
CVE-2014-9936 | 1 Google | 1 Android | 2017-07-11 | N/A | In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel. |
CVE-2017-8242 | 1 Google | 1 Android | 2017-07-08 | N/A | In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. |
CVE-2017-7372 | 1 Google | 1 Android | 2017-07-08 | N/A | In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. |
CVE-2017-7368 | 1 Google | 1 Android | 2017-07-08 | N/A | In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. |
CVE-2015-9022 | 1 Google | 1 Android | 2017-07-08 | N/A | In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. |
CVE-2014-9966 | 1 Google | 1 Android | 2017-07-08 | N/A | In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. |
CVE-2016-7777 | 1 Xen | 1 Xen | 2017-07-01 | N/A | Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. |
CVE-2016-2812 | 1 Mozilla | 1 Firefox | 2017-07-01 | N/A | Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. |
CVE-2015-7814 | 1 Xen | 1 Xen | 2017-07-01 | N/A | Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. |