Search Results (3347 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4307 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-09 N/A
Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.
CVE-2006-5178 1 Php 1 Php 2025-04-09 N/A
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.
CVE-2008-2418 1 Sun 1 Solaris 2025-04-09 N/A
Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
CVE-2009-0875 1 Sun 2 Opensolaris, Solaris 2025-04-09 N/A
Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server.
CVE-2009-4129 1 Mozilla 1 Firefox 2025-04-09 N/A
Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.
CVE-2009-4027 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2025-04-09 N/A
Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session.
CVE-2005-4883 1 Philippe Jounin 1 Tftpd32 2025-04-09 N/A
Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid "connect frames."
CVE-2009-1207 1 Sun 2 Opensolaris, Solaris 2025-04-09 N/A
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
CVE-2007-6216 1 Sun 2 Solaris, Sunos 2025-04-09 N/A
Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs.
CVE-2008-0933 1 Sun 1 Solaris 2025-04-09 N/A
Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
CVE-2008-3646 1 Apple 1 Mac Os X 2025-04-09 N/A
The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
CVE-2008-5009 1 Sun 2 Solstice X.25, Sunos 2025-04-09 N/A
Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.
CVE-2009-1215 1 Gnu 1 Gnu Screen 2025-04-09 N/A
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
CVE-2008-2958 1 Checkinstall 1 Checkinstall 2025-04-09 N/A
Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.
CVE-2009-2794 1 Apple 1 Iphone Os 2025-04-09 N/A
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.
CVE-2009-3110 1 Symantec 1 Altiris Deployment Solution 2025-04-09 N/A
Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.
CVE-2007-3268 1 Ibm 1 Tivoli Provisioning Manager Os Deployment 2025-04-09 7.5 High
The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error.
CVE-2008-2538 1 Sun 1 Solaris 2025-04-09 N/A
Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.
CVE-2009-2836 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.
CVE-2009-2135 1 Sun 2 Opensolaris, Solaris 2025-04-09 N/A
Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions.