Total
1264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2958 | 1 Checkinstall | 1 Checkinstall | 2017-08-07 | 4.4 MEDIUM | N/A |
| Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories. | |||||
| CVE-2008-1570 | 1 Policyd-weight | 1 Policyd-weight | 2017-08-07 | 6.9 MEDIUM | N/A |
| Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569. | |||||
| CVE-2008-2311 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 7.6 HIGH | N/A |
| Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. | |||||
| CVE-2008-0058 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 5.8 MEDIUM | N/A |
| Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. | |||||
| CVE-2008-0055 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 7.2 HIGH | N/A |
| Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. | |||||
| CVE-2008-0059 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 5.8 MEDIUM | N/A |
| Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." | |||||
| CVE-2015-7891 | 1 Samsung | 1 Samsung Mobile | 2017-08-04 | 4.4 MEDIUM | 7.0 HIGH |
| Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. | |||||
| CVE-2015-7543 | 2 Artsproject, Kde | 2 Arts, Kdelibs | 2017-07-31 | 4.4 MEDIUM | 7.0 HIGH |
| aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. | |||||
| CVE-2007-6180 | 1 Sun | 1 Solaris | 2017-07-28 | 7.6 HIGH | N/A |
| Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors. | |||||
| CVE-2007-5847 | 1 Apple | 1 Mac Os X | 2017-07-28 | 6.6 MEDIUM | N/A |
| Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. | |||||
| CVE-2007-5154 | 1 Aimluck | 2 Aipo, Aipo Asp | 2017-07-28 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2007-1741 | 1 Apache | 1 Http Server | 2017-07-28 | 6.2 MEDIUM | N/A |
| Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." | |||||
| CVE-2007-1249 | 1 Contelligent | 1 C1 Financial Services | 2017-07-28 | 6.8 MEDIUM | N/A |
| MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components. | |||||
| CVE-2004-2698 | 1 Imwheel | 1 Imwheel | 2017-07-28 | 6.9 MEDIUM | N/A |
| Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file. | |||||
| CVE-2004-2697 | 1 Ibm | 1 Aix | 2017-07-28 | 6.9 MEDIUM | N/A |
| The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002. | |||||
| CVE-2003-1438 | 1 Bea | 1 Weblogic Server | 2017-07-28 | 4.3 MEDIUM | N/A |
| Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user. | |||||
| CVE-2002-2244 | 1 Akfingerd | 1 Akfingerd | 2017-07-28 | 2.1 LOW | N/A |
| Akfingerd 0.5 and earlier versions allow local users to cause a denial of service (crash) via a .plan with a symlink to /dev/urandom or other device, then disconnecting while data is being transferred, which causes a SIGPIPE error that Akfingerd cannot handle. | |||||
| CVE-2017-11353 | 1 Yadm Project | 1 Yadm | 2017-07-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys. | |||||
| CVE-2017-2421 | 1 Apple | 1 Mac Os X | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleGraphicsPowerManagement" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2015-8996 | 1 Google | 1 Android | 2017-07-10 | 7.6 HIGH | 7.0 HIGH |
| In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. | |||||