CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-362

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
851 CVE-2009-1837 362 Exec Code 2009-06-12 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
852 CVE-2009-1786 362 2009-05-26 2017-09-29
6.9
None Local Medium Not required Complete Complete Complete
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
853 CVE-2009-1707 362 2009-06-10 2010-12-10
1.2
None Local High Not required Partial None None
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
854 CVE-2009-1527 362 +Priv 2009-05-05 2020-08-21
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object.
855 CVE-2009-1388 362 DoS 2009-07-05 2018-10-10
4.9
None Local Low Not required None None Complete
The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread.
856 CVE-2009-1238 362 DoS Mem. Corr. 2009-04-02 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable.
857 CVE-2009-1215 362 2009-04-01 2017-08-17
1.9
None Local Medium Not required None Partial None
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
858 CVE-2009-1207 362 2009-04-01 2017-09-29
4.4
None Local Medium Not required Partial Partial Partial
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
859 CVE-2009-0875 362 DoS +Priv Bypass 2009-03-12 2009-04-02
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server.
860 CVE-2009-0784 362 +Priv 2009-03-25 2020-11-04
6.3
None Local Medium Not required None Complete Complete
Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.
861 CVE-2009-0268 362 DoS 2009-01-26 2017-09-29
4.9
None Local Low Not required None None Complete
Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.
862 CVE-2009-0142 362 DoS 2009-02-12 2011-03-08
1.9
None Local Medium Not required None None Partial
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."
863 CVE-2008-6819 362 1 DoS 2009-06-01 2009-06-29
4.7
None Local Medium Not required None None Complete
win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
864 CVE-2008-6598 362 2009-04-03 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."
865 CVE-2008-5303 362 2008-12-01 2018-10-11
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
866 CVE-2008-5302 362 2008-12-01 2018-10-11
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
867 CVE-2008-5182 362 +Priv 2008-11-21 2018-10-11
6.9
None Local Medium Not required Complete Complete Complete
The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.
868 CVE-2008-5044 362 DoS 2008-11-12 2018-10-11
4.0
None Local High Not required None None Complete
Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
869 CVE-2008-5009 362 DoS 2008-11-10 2018-10-30
4.0
None Local High Not required None None Complete
Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.
870 CVE-2008-4392 362 2009-02-19 2017-08-08
6.4
None Remote Low Not required None Partial Partial
dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.
871 CVE-2008-4307 362 DoS 2009-01-13 2018-10-11
4.0
None Local High Not required None None Complete
Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.
872 CVE-2008-4229 362 2008-11-25 2011-03-08
3.7
None Local High Not required Partial Partial Partial
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.
873 CVE-2008-3646 362 2008-10-10 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
874 CVE-2008-2958 362 2008-07-01 2017-08-08
4.4
None Local Medium Not required Partial Partial Partial
Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.
875 CVE-2008-2538 362 2008-06-03 2017-09-29
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.
876 CVE-2008-2418 362 DoS 2008-05-23 2017-09-29
4.7
None Local Medium Not required None None Complete
Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
877 CVE-2008-2365 362 DoS 2008-06-30 2018-10-30
4.7
None Local Medium Not required None None Complete
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
878 CVE-2008-2311 362 Exec Code 2008-07-01 2017-08-08
7.6
None Remote High Not required Complete Complete Complete
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.
879 CVE-2008-1684 362 2008-04-06 2017-09-29
4.7
None Local Medium Not required None None Complete
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
880 CVE-2008-1570 362 2008-03-31 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569.
881 CVE-2008-1375 362 DoS +Priv 2008-05-02 2020-08-26
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
882 CVE-2008-0933 362 DoS 2008-02-25 2017-09-29
4.7
None Local Medium Not required None None Complete
Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
883 CVE-2008-0059 362 Exec Code 2008-03-18 2017-08-08
5.8
None Remote Medium Not required None Partial Partial
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."
884 CVE-2008-0058 362 Exec Code 2008-03-18 2017-08-08
5.8
None Remote Medium Not required None Partial Partial
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.
885 CVE-2008-0055 362 DoS +Priv 2008-03-18 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.
886 CVE-2007-6599 362 DoS 2008-01-04 2018-10-26
4.3
None Remote Medium Not required None None Partial
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.
887 CVE-2007-6216 362 DoS 2007-12-04 2018-10-30
4.7
None Local Medium Not required None None Complete
Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs.
888 CVE-2007-6180 362 DoS 2007-11-30 2017-07-29
7.6
None Local Network Medium Not required Partial Complete Complete
Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.
889 CVE-2007-6077 362 2007-11-21 2019-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.
890 CVE-2007-5847 362 +Info 2007-12-19 2017-07-29
6.6
None Local Low Not required Complete Complete None
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
891 CVE-2007-5794 362 2007-11-13 2018-10-15
4.3
None Remote Medium Not required Partial None None
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
892 CVE-2007-5154 362 2007-10-01 2017-07-29
5.8
None Remote Medium Not required Partial Partial None
Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
893 CVE-2007-5132 362 DoS 2007-09-27 2017-09-29
4.9
None Local Low Not required None None Complete
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."
894 CVE-2007-4774 362 Bypass 2020-01-15 2020-02-04
4.3
None Remote Medium Not required None Partial None
The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process.
895 CVE-2007-4696 362 +Info 2007-11-15 2011-03-08
4.3
None Remote Medium Not required Partial None None
Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.
896 CVE-2007-3478 362 DoS 2007-06-28 2018-10-16
4.3
None Remote Medium Not required None None Partial
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
897 CVE-2007-3091 362 Exec Code 2007-06-06 2021-07-23
7.1
None Remote Medium Not required None None Complete
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."
898 CVE-2007-2654 362 2007-05-14 2008-11-13
4.4
None Local Medium Not required Partial Partial Partial
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
899 CVE-2007-1741 362 Exec Code +Priv 2007-04-13 2017-07-29
6.2
None Local High Not required Complete Complete Complete
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
900 CVE-2007-1249 362 2007-03-03 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
Total number of vulnerabilities : 895   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.