Search Results (2563 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5303 2 Perl, Redhat 3 File\, Perl, Enterprise Linux 2026-04-23 N/A
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
CVE-2008-1684 1 Sun 1 Solaris 2026-04-23 N/A
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
CVE-2008-2418 1 Sun 1 Solaris 2026-04-23 N/A
Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
CVE-2008-2538 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.
CVE-2009-2724 2 Redhat, Sun 2 Rhel Extras, Java Se 2026-04-23 N/A
Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks."
CVE-2008-5009 1 Sun 2 Solstice X.25, Sunos 2026-04-23 N/A
Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.
CVE-2007-5794 2 Nss Ldap, Redhat 2 Nss Ldap, Enterprise Linux 2026-04-23 N/A
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
CVE-2009-0320 1 Microsoft 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more 2026-04-23 N/A
Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
CVE-2009-1238 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable.
CVE-2009-1837 4 Debian, Fedoraproject, Mozilla and 1 more 9 Debian Linux, Fedora, Firefox and 6 more 2026-04-23 7.5 High
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
CVE-2008-5021 8 Canonical, Debian, Fedoraproject and 5 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2026-04-23 N/A
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
CVE-2008-1570 1 Policyd-weight 1 Policyd-weight 2026-04-23 N/A
Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569.
CVE-2009-0268 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.
CVE-2005-4883 1 Philippe Jounin 1 Tftpd32 2026-04-23 N/A
Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid "connect frames."
CVE-2009-3527 1 Freebsd 1 Freebsd 2026-04-23 N/A
Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption.
CVE-2007-2400 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2026-04-23 N/A
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
CVE-2009-4226 1 Sun 1 Opensolaris 2026-04-23 N/A
Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function.
CVE-2008-1669 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."
CVE-2007-4696 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.
CVE-2009-3547 8 Canonical, Fedoraproject, Linux and 5 more 17 Ubuntu Linux, Fedora, Linux Kernel and 14 more 2026-04-23 7.0 High
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.