Total
1508 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5164 | 1 Apple | 1 Iphone Os | 2013-10-24 | 3.3 LOW | N/A |
| Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. | |||||
| CVE-2011-2731 | 1 Vmware | 1 Springsource Spring Security | 2013-10-24 | 5.1 MEDIUM | N/A |
| Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread. | |||||
| CVE-2013-5035 | 2 Htmlcleaner Project, Open-xchange | 2 Htmlcleaner, Open-xchange Appsuite | 2013-10-08 | 4.9 MEDIUM | N/A |
| Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations. | |||||
| CVE-2013-5474 | 1 Cisco | 1 Ios | 2013-10-07 | 7.8 HIGH | N/A |
| Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812. | |||||
| CVE-2013-5147 | 1 Apple | 1 Iphone Os | 2013-09-27 | 3.7 LOW | N/A |
| Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. | |||||
| CVE-2012-3748 | 1 Apple | 2 Iphone Os, Safari | 2013-09-18 | 5.1 MEDIUM | N/A |
| Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. | |||||
| CVE-2012-5415 | 1 Cisco | 3 5500 Adaptive Security Appliance, 5500 Series Adaptive Security Appliance, Adaptive Security Appliance | 2013-04-16 | 5.4 MEDIUM | N/A |
| Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272. | |||||
| CVE-2012-1338 | 1 Cisco | 9 Catalyst 3560, Catalyst 3560-e, Catalyst 3560-x and 6 more | 2013-04-02 | 6.3 MEDIUM | N/A |
| Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664. | |||||
| CVE-2012-3063 | 1 Cisco | 1 Application Control Engine Software | 2013-03-22 | 7.1 HIGH | N/A |
| Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058. | |||||
| CVE-2013-0266 | 1 Openstack | 2 Essex, Folsom | 2013-03-18 | 2.1 LOW | N/A |
| manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files. | |||||
| CVE-2009-3110 | 1 Symantec | 1 Altiris Deployment Solution | 2013-02-07 | 5.8 MEDIUM | N/A |
| Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does. | |||||
| CVE-2012-6095 | 1 Proftpd | 1 Proftpd | 2013-01-25 | 1.2 LOW | N/A |
| ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands. | |||||
| CVE-2010-2793 | 1 Redhat | 2 Enterprise Virtualization Manager, Spice-activex | 2013-01-16 | 6.8 MEDIUM | N/A |
| Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. | |||||
| CVE-2011-1485 | 1 Redhat | 1 Policykit | 2012-12-19 | 6.9 MEDIUM | N/A |
| Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID. | |||||
| CVE-2012-3487 | 1 Google | 1 Tunnelblick | 2012-08-27 | 1.2 LOW | N/A |
| Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. | |||||
| CVE-2011-5118 | 1 Comodo | 1 Comodo Internet Security | 2012-08-27 | 1.9 LOW | N/A |
| Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors. | |||||
| CVE-2012-3483 | 1 Google | 1 Tunnelblick | 2012-08-27 | 6.2 MEDIUM | N/A |
| Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file. | |||||
| CVE-2010-5157 | 2 Comodo, Microsoft | 2 Comodo Internet Security, Windows Xp | 2012-08-27 | 6.2 MEDIUM | N/A |
| Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. | |||||
| CVE-2011-5119 | 1 Comodo | 1 Comodo Internet Security | 2012-08-27 | 1.9 LOW | N/A |
| Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors. | |||||
| CVE-2011-5117 | 1 Sophos | 3 Disk Encryption, Safeguard Easy Device Encryption Client, Safeguard Enterprise Device Encryption | 2012-08-24 | 6.9 MEDIUM | N/A |
| Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials. | |||||