Vulnerabilities > Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

DATE CVE VULNERABILITY TITLE RISK
2014-01-15 CVE-2014-0616 Race Condition vulnerability in Juniper Junos
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rdp crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities.
network
juniper CWE-362
7.1
2014-01-09 CVE-2013-7283 Race Condition vulnerability in Libreswan 3.6
Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file.
network
libreswan CWE-362
critical
9.3
2013-12-02 CVE-2012-0426 Race Condition vulnerability in Novell Suse Linux Enterprise for SAP Applications 11
Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory.
local
low complexity
novell CWE-362
7.2
2013-11-23 CVE-2013-4481 Race Condition vulnerability in multiple products
Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."
1.9
2013-11-12 CVE-2013-4740 Race Condition vulnerability in Qualcomm Quic Mobile Station Modem Kernel 3.10
goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that provides crafted values.
6.9
2013-10-24 CVE-2013-5164 Race Condition vulnerability in Apple Iphone OS
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
local
apple CWE-362
3.3
2013-10-03 CVE-2013-4327 Race Condition vulnerability in multiple products
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
6.9
2013-09-27 CVE-2013-5474 Race Condition vulnerability in Cisco IOS
Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812.
network
low complexity
cisco CWE-362
7.8
2013-09-19 CVE-2013-5147 Race Condition vulnerability in Apple Iphone OS
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
local
high complexity
apple CWE-362
3.7
2013-09-05 CVE-2013-5035 Race Condition vulnerability in multiple products
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.
4.9