CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-362

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
701 CVE-2013-1248 362 +Priv 2013-02-13 2020-09-28
4.9
None Local Low Not required Complete None None
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
702 CVE-2013-1199 362 DoS 2013-04-18 2013-04-19
4.9
None Remote High ??? None None Complete
Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996.
703 CVE-2013-1142 362 DoS 2013-03-28 2020-07-28
7.8
None Remote Low Not required None None Complete
Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745.
704 CVE-2013-0907 362 DoS 2013-03-05 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads.
705 CVE-2013-0900 362 DoS 2013-02-23 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
706 CVE-2013-0893 362 DoS 2013-02-23 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.
707 CVE-2013-0871 362 +Priv 2013-02-18 2013-06-21
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.
708 CVE-2013-0266 362 2013-03-08 2013-03-18
2.1
None Local Low Not required Partial None None
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
709 CVE-2012-6095 362 2013-01-24 2013-01-25
1.2
None Local High Not required None Partial None
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
710 CVE-2012-5507 362 2014-09-30 2014-10-02
4.3
None Remote Medium Not required Partial None None
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
711 CVE-2012-5415 362 DoS 2013-04-16 2013-04-16
5.4
None Remote High Not required None None Complete
Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272.
712 CVE-2012-5119 362 DoS 2012-11-07 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers.
713 CVE-2012-5108 362 Exec Code 2012-10-09 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices.
714 CVE-2012-4508 362 +Info 2012-12-21 2014-01-08
1.9
None Local Medium Not required Partial None None
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.
715 CVE-2012-3868 362 DoS 2012-07-25 2013-11-25
4.3
None Remote Medium Not required None None Partial
Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
716 CVE-2012-3748 362 DoS Exec Code 2012-11-03 2013-09-18
5.1
None Remote High Not required Partial Partial Partial
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
717 CVE-2012-3552 362 DoS 2012-10-03 2020-07-31
7.1
None Remote Medium Not required None None Complete
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.
718 CVE-2012-3511 362 DoS 2012-10-04 2013-10-24
6.2
None Local High Not required Complete Complete Complete
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call.
719 CVE-2012-3500 362 2012-10-01 2017-08-29
1.2
None Local High Not required None Partial None
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
720 CVE-2012-3487 362 2012-08-26 2012-08-27
1.2
None Local High Not required None Partial None
Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.
721 CVE-2012-3483 362 +Priv 2012-08-26 2012-08-27
6.2
None Local High Not required Complete Complete Complete
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.
722 CVE-2012-3063 362 Bypass 2012-06-20 2013-03-22
7.1
None Remote High ??? Complete Complete Complete
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.
723 CVE-2012-2880 362 DoS 2012-09-26 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer.
724 CVE-2012-2868 362 DoS 2012-08-31 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.
725 CVE-2012-2737 362 2012-07-22 2017-08-29
1.9
None Local Medium Not required Partial None None
The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.
726 CVE-2012-2373 362 DoS 2012-08-09 2016-08-23
4.0
None Local High Not required None None Complete
The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.
727 CVE-2012-1868 362 +Priv 2012-06-12 2018-10-12
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability."
728 CVE-2012-1338 362 DoS 2012-08-06 2013-04-02
6.3
None Remote Medium ??? None None Complete
Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.
729 CVE-2012-1324 362 DoS 2012-05-03 2017-12-07
7.1
None Remote Medium Not required None None Complete
Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534.
730 CVE-2012-1174 362 2012-07-12 2012-08-14
3.3
None Local Medium Not required None Partial Partial
The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."
731 CVE-2012-0953 362 2020-05-08 2020-05-18
4.4
None Local Medium Not required Partial Partial Partial
A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53.
732 CVE-2012-0656 362 2012-05-11 2017-12-05
6.9
None Local Medium Not required Complete Complete Complete
Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.
733 CVE-2012-0649 362 +Priv 2012-05-11 2017-12-05
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.
734 CVE-2012-0644 362 Bypass 2012-03-08 2018-11-29
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.
735 CVE-2012-0426 362 2013-12-02 2013-12-03
7.2
None Local Low Not required Complete Complete Complete
Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory.
736 CVE-2011-5119 362 Bypass 2012-08-26 2012-08-27
1.9
None Local Medium Not required None Partial None
Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors.
737 CVE-2011-5118 362 Bypass 2012-08-26 2012-08-27
1.9
None Local Medium Not required None Partial None
Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors.
738 CVE-2011-5117 362 2012-08-24 2012-08-24
6.9
None Local Medium Not required Complete Complete Complete
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.
739 CVE-2011-4348 362 DoS 2013-06-08 2013-07-25
7.1
None Remote Medium Not required None None Complete
Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482.
740 CVE-2011-4029 362 DoS 2012-07-03 2020-08-24
1.9
None Local Medium Not required Partial None None
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
741 CVE-2011-3961 362 Exec Code 2012-02-09 2020-05-08
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.
742 CVE-2011-3878 362 DoS 2011-10-25 2020-05-07
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker process initialization.
743 CVE-2011-3585 362 DoS 2019-12-31 2020-01-10
1.9
None Local Medium Not required None None Partial
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
744 CVE-2011-3090 362 DoS 2012-05-16 2017-12-29
7.6
None Remote High Not required Complete Complete Complete
Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes.
745 CVE-2011-3080 362 Bypass 2012-05-01 2020-04-14
7.6
None Remote High Not required Complete Complete Complete
Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors.
746 CVE-2011-2835 362 DoS 2011-09-19 2020-05-08
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache.
747 CVE-2011-2731 362 +Priv 2012-12-05 2013-10-24
5.1
None Remote High Not required Partial Partial Partial
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.
748 CVE-2011-2183 362 DoS 2012-06-13 2012-06-14
4.0
None Local High Not required None None Complete
Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application.
749 CVE-2011-1787 362 +Priv 2011-06-06 2014-11-14
6.9
None Local Medium Not required Complete Complete Complete
Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory.
750 CVE-2011-1768 362 DoS 2012-06-13 2012-06-15
5.4
None Remote High Not required None None Complete
The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading.
Total number of vulnerabilities : 895   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 (This Page)16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.