Vulnerabilities (CVE)

Filtered by CWE-362
Total 1778 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2961 1 Scott James Remnant 1 Mountall 2025-04-11 6.9 MEDIUM N/A
mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.
CVE-2010-5164 2 Kingsoft, Microsoft 2 Personal Firewall 9, Windows Xp 2025-04-11 6.2 MEDIUM 5.3 MEDIUM
Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
CVE-2012-3868 1 Isc 1 Bind 2025-04-11 4.3 MEDIUM N/A
Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
CVE-2010-5182 2 Microsoft, Virusbuster 2 Windows Xp, Virusbuster Internet Securit Suite 2025-04-11 6.2 MEDIUM N/A
Race condition in VirusBuster Internet Security Suite 3.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
CVE-2012-3386 1 Gnu 1 Automake 2025-04-11 4.4 MEDIUM N/A
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
CVE-2012-4508 1 Linux 1 Linux Kernel 2025-04-11 1.9 LOW N/A
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.
CVE-2010-5153 2 Avira, Microsoft 2 Premium Security Suite, Windows Xp 2025-04-11 6.2 MEDIUM 5.3 MEDIUM
Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
CVE-2012-5415 1 Cisco 3 5500 Adaptive Security Appliance, 5500 Series Adaptive Security Appliance, Adaptive Security Appliance 2025-04-11 5.4 MEDIUM N/A
Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272.
CVE-2011-5117 1 Sophos 3 Disk Encryption, Safeguard Easy Device Encryption Client, Safeguard Enterprise Device Encryption 2025-04-11 6.9 MEDIUM N/A
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.
CVE-2010-2653 1 Linux 1 Linux Kernel 2025-04-11 6.9 MEDIUM N/A
Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by closing a Hypervisor Virtual Console device, related to the hvc_open and hvc_remove functions.
CVE-2013-4481 2 Redhat, Scientificlinux 2 Enterprise Linux, Luci 2025-04-11 1.9 LOW N/A
Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."
CVE-2012-0649 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 6.9 MEDIUM N/A
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.
CVE-2013-4288 4 Canonical, Opensuse, Polkit Project and 1 more 4 Ubuntu Linux, Opensuse, Polkit and 1 more 2025-04-11 7.2 HIGH N/A
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
CVE-2012-2737 1 Ray Stode 1 Accountsservice 2025-04-11 1.9 LOW N/A
The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.
CVE-2010-4526 3 Linux, Redhat, Vmware 3 Linux Kernel, Enterprise Mrg, Esx 2025-04-11 7.1 HIGH N/A
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
CVE-2010-5156 2 Ca, Microsoft 2 Internet Security Suite 2010, Windows Xp 2025-04-11 6.2 MEDIUM N/A
Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
CVE-2012-3500 2 Devscripts Devel Team, Fedora 2 Devscripts, Rpmdevtools 2025-04-11 1.2 LOW N/A
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
CVE-2014-1921 1 Parcimonie Project 1 Parcimonie 2025-04-11 7.5 HIGH N/A
parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors.
CVE-2011-3080 1 Google 1 Chrome 2025-04-11 7.6 HIGH N/A
Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors.
CVE-2013-1255 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-11 4.9 MEDIUM N/A
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.