Vulnerabilities > Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

DATE CVE VULNERABILITY TITLE RISK
2012-08-25 CVE-2010-5157 Race Condition vulnerability in Comodo Internet Security
Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.
local
high complexity
comodo microsoft CWE-362
6.2
2012-08-24 CVE-2011-5117 Race Condition vulnerability in Sophos products
Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physically proximate attackers to defeat the full-disk encryption feature by leveraging knowledge of these credentials.
local
sophos CWE-362
6.9
2012-08-06 CVE-2012-1338 Race Condition vulnerability in Cisco products
Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.
network
cisco CWE-362
6.3
2012-07-25 CVE-2012-3868 Race Condition vulnerability in ISC Bind 9.9.0/9.9.1
Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
network
isc CWE-362
4.3
2012-07-22 CVE-2012-2737 Race Condition vulnerability in RAY Stode Accountsservice
The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.
1.9
2012-07-12 CVE-2012-1174 Race Condition vulnerability in Linux Systemd 43
The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."
local
linux CWE-362
3.3
2012-07-03 CVE-2011-4029 Race Condition vulnerability in X.Org X Server
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
local
x-org CWE-362
1.9
2012-06-20 CVE-2012-3063 Race Condition vulnerability in Cisco Application Control Engine Software
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.
network
high complexity
cisco CWE-362
7.1
2012-06-12 CVE-2012-1868 Race Condition vulnerability in Microsoft Windows XP
Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability."
6.9
2012-05-16 CVE-2011-3090 Race Condition vulnerability in Google Chrome
Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes.
network
high complexity
google CWE-362
7.6