Vulnerabilities > Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-01-18 | CVE-2007-6429 | Race Condition vulnerability in X.Org Evi, Mit-Shm and Xserver: Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. | 9.3 |
2008-01-04 | CVE-2007-6599 | Race Condition vulnerability in multiple products: Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock. | 4.3 |
2007-12-19 | CVE-2007-5847 | Race Condition vulnerability in Apple mac OS X 10.4.11: Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. | 6.6 |
2007-12-04 | CVE-2007-6216 | Race Condition vulnerability in SUN Solaris and Sunos: Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs. | 4.7 |
2007-11-30 | CVE-2007-6180 | Race Condition vulnerability in SUN Solaris 10.0/8.0/9.0: Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors. | 7.6 |
2007-11-21 | CVE-2007-6077 | Race Condition vulnerability in Rubyonrails Rails 1.2.4: The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. | 6.8 |
2007-11-15 | CVE-2007-4696 | Race Condition vulnerability in Apple mac OS X and mac OS X Server: Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. | 4.3 |
2007-11-13 | CVE-2007-5794 | Race Condition vulnerability in NSS Ldap NSS Ldap: Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. | 4.3 |
2007-10-01 | CVE-2007-5154 | Race Condition vulnerability in Aimluck Aipo and Aipo ASP: Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | 5.8 |
2007-09-27 | CVE-2007-5132 | Race Condition vulnerability in SUN Solaris 10.0/8.0/9.0: Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts." | 4.9 |