Filtered by CWE-367
Total 429 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-5630 3 Fedoraproject, Libuser Project, Redhat 3 Fedora, Libuser, Enterprise Linux 2024-11-21 6.3 Medium
libuser 0.56 and 0.57 have a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
CVE-2012-3500 2 Devscripts Devel Team, Fedora 2 Devscripts, Rpmdevtools 2024-11-21 N/A
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
CVE-2012-3440 2 Redhat, Todd Miller 2 Enterprise Linux, Sudo 2024-11-21 N/A
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
CVE-2012-2652 1 Qemu 1 Qemu 2024-11-21 N/A
The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.
CVE-2011-4126 1 Calibre-ebook 1 Calibre 2024-11-21 8.1 High
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.
CVE-2011-1833 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 N/A
Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.
CVE-2011-1098 2 Gentoo, Redhat 2 Logrotate, Enterprise Linux 2024-11-21 N/A
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
CVE-2010-0085 2 Redhat, Sun 7 Enterprise Linux, Network Satellite, Rhel Extras and 4 more 2024-11-21 N/A
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.
CVE-2005-1111 4 Canonical, Debian, Gnu and 1 more 4 Ubuntu Linux, Debian Linux, Cpio and 1 more 2024-11-21 4.7 Medium
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
CVE-2004-0594 7 Avaya, Debian, Hp and 4 more 9 Converged Communications Server, Debian Linux, Hp-ux and 6 more 2024-11-21 N/A
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
CVE-2003-0813 1 Microsoft 5 Windows 2000, Windows 98, Windows Nt and 2 more 2024-11-21 N/A
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
CVE-2001-1593 1 Gnu 1 A2ps 2024-11-21 N/A
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
CVE-2024-38407 1 Qualcomm 89 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 86 more 2024-11-16 7.8 High
Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.
CVE-2024-38406 1 Qualcomm 89 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 86 more 2024-11-16 7.8 High
Memory corruption while handling IOCTL calls in JPEG Encoder driver.
CVE-2024-22185 1 Intel 2 4th Generation Intel Xeon Processor Scalable Family, 5th Generation Intel Xeon Processor Scalable Family 2024-11-15 7.2 High
Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-48322 1 Run.codes 1 Run.codes 2024-11-12 8.1 High
UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.
CVE-2024-50592 1 Hasomed 1 Elefant Software Updater 2024-11-08 7 High
An attacker with local access to the medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a list of files and their hashes. In addition, instructions to execute binaries to finalize the repair process are included. The executables are executed as "NT AUTHORITY\SYSTEM" after they are copied over to the user writable installation folder (C:\Elefant1). This means that a user can overwrite either "PostESUUpdate.exe" or "Update_OpenJava.exe" in the time frame after the copy and before the execution of the final repair step. The overwritten executable is then executed as "NT AUTHORITY\SYSTEM".
CVE-2024-49768 3 Agendaless, Pylons, Redhat 3 Waitress, Waitress, Openshift Ironic 2024-11-07 9.1 Critical
Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However, when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed. Waitress 3.0.1 fixes the race condition. As a workaround, disable channel_request_lookahead; this is set to 0 by default, disabling this feature.
CVE-2024-27114 2 So Planning, Soplanning 2 Simple Online Planning, Soplanning 2024-10-16 9.8 Critical
An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02.
CVE-2024-38153 1 Microsoft 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more 2024-10-16 7.8 High
Windows Kernel Elevation of Privilege Vulnerability