Total
1700 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3063 | 1 Cisco | 1 Application Control Engine Software | 2013-03-22 | 7.1 HIGH | N/A |
| Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058. | |||||
| CVE-2013-0266 | 1 Openstack | 2 Essex, Folsom | 2013-03-18 | 2.1 LOW | N/A |
| manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files. | |||||
| CVE-2009-3110 | 1 Symantec | 1 Altiris Deployment Solution | 2013-02-07 | 5.8 MEDIUM | N/A |
| Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does. | |||||
| CVE-2012-6095 | 1 Proftpd | 1 Proftpd | 2013-01-25 | 1.2 LOW | N/A |
| ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands. | |||||
| CVE-2010-2793 | 1 Redhat | 2 Enterprise Virtualization Manager, Spice-activex | 2013-01-16 | 6.8 MEDIUM | N/A |
| Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. | |||||
| CVE-2011-1485 | 1 Redhat | 1 Policykit | 2012-12-19 | 6.9 MEDIUM | N/A |
| Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID. | |||||
| CVE-2012-3483 | 1 Google | 1 Tunnelblick | 2012-08-27 | 6.2 MEDIUM | N/A |
| Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file. | |||||
| CVE-2011-5118 | 1 Comodo | 1 Comodo Internet Security | 2012-08-27 | 1.9 LOW | N/A |
| Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors. | |||||
| CVE-2011-5119 | 1 Comodo | 1 Comodo Internet Security | 2012-08-27 | 1.9 LOW | N/A |
| Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors. | |||||
| CVE-2010-5157 | 2 Comodo, Microsoft | 2 Comodo Internet Security, Windows Xp | 2012-08-27 | 6.2 MEDIUM | N/A |
| Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. | |||||
| CVE-2012-3487 | 1 Google | 1 Tunnelblick | 2012-08-27 | 1.2 LOW | N/A |
| Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. | |||||
| CVE-2011-5117 | 1 Sophos | 3 Disk Encryption, Safeguard Easy Device Encryption Client, Safeguard Enterprise Device Encryption | 2012-08-24 | 6.9 MEDIUM | N/A |
| Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials. | |||||
| CVE-2012-1174 | 1 Linux | 1 Systemd | 2012-08-14 | 3.3 LOW | N/A |
| The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session." | |||||
| CVE-2011-1625 | 1 Cisco | 1 Ios | 2012-03-15 | 5.4 MEDIUM | N/A |
| Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing window," aka Bug ID CSCtf74999, a different vulnerability than CVE-2007-0199, CVE-2008-1152, and CVE-2009-0629. | |||||
| CVE-2010-4807 | 1 Ibm | 1 Web Content Manager | 2011-07-13 | 3.5 LOW | N/A |
| Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception. | |||||
| CVE-2010-4765 | 1 Otrs | 1 Otrs | 2011-03-22 | 4.9 MEDIUM | N/A |
| Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets. | |||||
| CVE-2009-0142 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 1.9 LOW | N/A |
| Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic." | |||||
| CVE-2007-4696 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 4.3 MEDIUM | N/A |
| Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. | |||||
| CVE-2006-4801 | 1 Roxio | 1 Toast | 2011-03-08 | 6.2 MEDIUM | N/A |
| Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges. | |||||
| CVE-2010-3495 | 1 Zope | 1 Zodb | 2011-01-22 | 4.3 MEDIUM | N/A |
| Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. | |||||