Vulnerabilities > Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

DATE CVE VULNERABILITY TITLE RISK
2013-08-19 CVE-2013-2162 Race Condition vulnerability in Canonical Ubuntu Linux
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
1.9
2013-07-16 CVE-2013-1935 Race Condition vulnerability in Redhat Enterprise Linux 6.0
A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service (host OS crash) by leveraging a time window during which interrupts are disabled but copy_to_user function calls are possible.
5.7
2013-04-16 CVE-2012-5415 Race Condition vulnerability in Cisco products
Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272.
network
high complexity
cisco CWE-362
5.4
2013-04-09 CVE-2013-1284 Race Condition vulnerability in Microsoft Windows 8, Windows RT and Windows Server 2012
Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-031 "What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory."
local
low complexity
microsoft CWE-362
4.9
2013-03-28 CVE-2013-1142 Race Condition vulnerability in Cisco IOS
Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745.
network
low complexity
cisco CWE-362
7.8
2013-03-08 CVE-2013-0266 Race Condition vulnerability in Openstack Essex and Folsom
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
local
low complexity
openstack CWE-362
2.1
2013-01-24 CVE-2012-6095 Race Condition vulnerability in Proftpd
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
local
high complexity
proftpd CWE-362
1.2
2012-12-05 CVE-2011-2731 Race Condition vulnerability in VMWare Springsource Spring Security
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.
network
high complexity
vmware CWE-362
5.1
2012-11-03 CVE-2012-3748 Race Condition vulnerability in Apple Iphone OS and Safari
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
network
high complexity
apple CWE-362
5.1
2012-10-03 CVE-2012-3552 Race Condition vulnerability in multiple products
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.
network
high complexity
linux redhat CWE-362
5.9