Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-1741

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-13 Apr, 2007 | 16:00
Updated At-07 Aug, 2024 | 13:06
Rejected At-
Credits

Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:13 Apr, 2007 | 16:00
Updated At:07 Aug, 2024 | 13:06
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://osvdb.org/38639
vdb-entry
x_refsource_OSVDB
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
third-party-advisory
x_refsource_IDEFENSE
http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
mailing-list
x_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/33584
vdb-entry
x_refsource_XF
http://www.securitytracker.com/id?1017904
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/23438
vdb-entry
x_refsource_BID
http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
mailing-list
x_refsource_MLIST
Hyperlink: http://osvdb.org/38639
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
Resource:
third-party-advisory
x_refsource_IDEFENSE
Hyperlink: http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33584
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securitytracker.com/id?1017904
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/23438
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://osvdb.org/38639
vdb-entry
x_refsource_OSVDB
x_transferred
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
third-party-advisory
x_refsource_IDEFENSE
x_transferred
http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
mailing-list
x_refsource_MLIST
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/33584
vdb-entry
x_refsource_XF
x_transferred
http://www.securitytracker.com/id?1017904
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/23438
vdb-entry
x_refsource_BID
x_transferred
http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://osvdb.org/38639
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
Resource:
third-party-advisory
x_refsource_IDEFENSE
x_transferred
Hyperlink: http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33584
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securitytracker.com/id?1017904
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/23438
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:13 Apr, 2007 | 16:19
Updated At:29 Jul, 2017 | 01:30

Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.2MEDIUM
AV:L/AC:H/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 6.2
Base severity: MEDIUM
Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CPE Matches
The Apache Software Foundation
apache
>>http_server>>2.2.3
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-362Primarynvd@nist.gov
CWE ID: CWE-362
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2007-04-19T00:00:00

These attacks are reliant on an insecure configuration of the server - that the user the server runs as has write access to the document root. The suexec security model is not intented to protect against privilege escalation in such a configuration

References
HyperlinkSourceResource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511secalert@redhat.com
Vendor Advisory
http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2secalert@redhat.com
Vendor Advisory
http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2secalert@redhat.com
N/A
http://osvdb.org/38639secalert@redhat.com
N/A
http://www.securityfocus.com/bid/23438secalert@redhat.com
N/A
http://www.securitytracker.com/id?1017904secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/33584secalert@redhat.com
N/A
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://osvdb.org/38639
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/23438
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1017904
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33584
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

64Records found
CVE-2020-9498
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.44%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 12:32
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.

Action-Not Available
Vendor-n/aThe Apache Software FoundationFedora ProjectDebian GNU/Linux
Product-debian_linuxguacamolefedoraApache Guacamole
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-26307
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.44%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 09:38
Updated-17 Jun, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Doris: Possible race condition

Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dorisApache Dorisdoris
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-26578
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-0.28% / 51.31%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 09:28
Updated-20 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Answer: Repeated submission at registration created duplicate users with the same name

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name. Users are recommended to upgrade to version [1.2.5], which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-answerApache Answer
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-3158
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-8.1||HIGH
EPSS-0.69% / 70.78%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 20:00
Updated-16 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.

Action-Not Available
Vendor-The Apache Software Foundation
Product-guacamoleApache Guacamole
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-1151
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.52% / 65.83%
||
7 Day CHG~0.00%
Published-20 Apr, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-apache_http_servern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-52434
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.59%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 19:03
Updated-08 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: APR/Native Connector crash leading to DoS

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-8025
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-8.1||HIGH
EPSS-0.88% / 74.39%
||
7 Day CHG~0.00%
Published-27 Jun, 2018 | 15:00
Updated-16 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1.

Action-Not Available
Vendor-The Apache Software Foundation
Product-hbaseApache HBase
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-8037
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-6.24% / 90.52%
||
7 Day CHG~0.00%
Published-02 Aug, 2018 | 14:00
Updated-16 Sep, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxtomcatApache Tomcat
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-43980
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-3.7||LOW
EPSS-0.16% / 37.58%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 00:00
Updated-21 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: Information disclosure

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxtomcatApache Tomcat
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-0217
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-32.74% / 96.72%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 20:11
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.openSUSEFedora ProjectOracle Corporation
Product-enterprise_linux_serverhttp_serverubuntu_linuxclustered_data_ontapdebian_linuxenterprise_linux_workstationfedoraenterprise_linuxretail_xstore_point_of_serviceoncommand_unified_managerenterprise_linux_desktopenterprise_manager_ops_centerleapApache HTTP Server
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-0226
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-90.26% / 99.58%
||
7 Day CHG~0.00%
Published-20 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.

Action-Not Available
Vendor-n/aThe Apache Software FoundationRed Hat, Inc.Debian GNU/LinuxOracle Corporation
Product-secure_global_desktopenterprise_linuxenterprise_manager_ops_centerjboss_enterprise_application_platformhttp_serverdebian_linuxn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-49619
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-3.1||LOW
EPSS-0.98% / 75.80%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 08:25
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions.

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times. Users are recommended to upgrade to version [1.2.1], which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-answerApache Answer
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-35451
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-4.7||MEDIUM
EPSS-0.10% / 27.50%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 15:20
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Oozie local privilege escalation

There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.

Action-Not Available
Vendor-The Apache Software Foundation
Product-oozieApache Oozie
CWE ID-CWE-377
Insecure Temporary File
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-17534
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7||HIGH
EPSS-0.07% / 21.28%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 15:33
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows theirs: To avoid local privilege escalation version 1.7.1 creates the temporary directory atomically without dealing with the temporary file: https://github.com/apache/netbeans-html4j/commit/fa70e507e5555e1adb4f6518479fc408a7abd0e6

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-html\/java_apiApache NetBeans HTML/Java API
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2006-5178
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 15.82%
||
7 Day CHG~0.00%
Published-06 Oct, 2006 | 00:00
Updated-07 Aug, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5164
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 7.98%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-kingsoftn/akingsoftMicrosoft Corporation
Product-windows_xppersonal_firewall_9n/apersonal_firewall_9
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-4801
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.46%
||
7 Day CHG~0.00%
Published-14 Sep, 2006 | 22:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges.

Action-Not Available
Vendor-n/aRoxio
Product-toastn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5181
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.03% / 7.10%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-gfin/aMicrosoft Corporation
Product-vipre_antiviruswindows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2012-3483
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.24% / 46.24%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.

Action-Not Available
Vendor-n/aGoogle LLC
Product-tunnelblickn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-0732
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 11.32%
||
7 Day CHG~0.00%
Published-19 Mar, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.

Action-Not Available
Vendor-n/aThe GNOME Project
Product-screensavergtkn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5165
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Malware Defender 2.6.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-torchsoftn/aMicrosoft Corporation
Product-windows_xpmalware_defendern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5169
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.03% / 5.78%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Online Armor Premium 4.0.0.35 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-emisoftn/aMicrosoft Corporation
Product-online_armorwindows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5174
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.42%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Prevx 3.0.5.143 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-prevxn/aMicrosoft Corporation
Product-windows_xpprevxn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5170
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Online Solutions Security Suite 1.5.14905.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-online-solutionsn/aMicrosoft Corporation
Product-online_solutions_security_suitewindows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5182
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.42%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in VirusBuster Internet Security Suite 3.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-virusbustern/aMicrosoft Corporation
Product-windows_xpvirusbuster_internet_securit_suiten/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5166
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in McAfee Total Protection 2010 10.0.580 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-n/aMicrosoft CorporationMcAfee, LLC
Product-windows_xptotal_protection_2010n/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5180
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.42%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in VBA32 Personal 3.12.12.4 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-anti-virusn/aMicrosoft Corporation
Product-windows_xpvirusblockada32n/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5160
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.04% / 9.72%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-n/aESET, spol. s r. o.Microsoft Corporation
Product-windows_xpsmart_securityn/asmart_security
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5183
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.42%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-webrootn/aMicrosoft Corporation
Product-internet_security_essentialswindows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5176
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.42%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Security Shield 2010 13.0.16.313 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-pcsecurityshieldn/aMicrosoft Corporation
Product-windows_xpsecurity_shield_2010n/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5175
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 8.80%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in PrivateFirewall 7.0.20.37 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-pwicorpn/apwicorpMicrosoft Corporation
Product-windows_xpprivatefirewalln/aprivatefirewall
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5178
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.42%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in ThreatFire 4.7.0.17 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-pctoolsn/aMicrosoft Corporation
Product-windows_xpthreatfiren/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5179
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 15.65%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-n/aMicrosoft CorporationTrend Micro Incorporated
Product-windows_xpinternet_security_2010n/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5161
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-n/aF-Secure CorporationMicrosoft Corporation
Product-windows_xpf-secure_internet_security_2010n/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.60%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-n/aMicrosoft CorporationKaspersky Lab
Product-windows_xpkaspersky_internet_security_2010n/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5152
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-avgn/aMicrosoft Corporation
Product-windows_xpinternet_securityn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-3dprotectn/aMicrosoft Corporation
Product-windows_xp3d_eqsecuren/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in BitDefender Total Security 2010 13.0.20.347 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-n/aMicrosoft CorporationBitdefender
Product-bitdefender_total_security_2010windows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5168
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.56%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Symantec Norton Internet Security 2010 17.5.0.127 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-n/aSymantec CorporationMicrosoft Corporation
Product-windows_xpnorton_internet_security_2010n/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5153
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 7.98%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-aviran/aaviraMicrosoft Corporation
Product-windows_xppremium_security_suiten/aantivir_security_suite
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-5173
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.42%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in PC Tools Firewall Plus 6.0.0.88 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-pctoolsn/aMicrosoft Corporation
Product-windows_xppctools_firewalln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5151
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in avast! Internet Security 5.0.462 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-avast\!n/aMicrosoft Corporation
Product-avast\!_internet_securitywindows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5157
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.87%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.

Action-Not Available
Vendor-comodon/aMicrosoft Corporation
Product-windows_xpcomodo_internet_securityn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5177
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 18.96%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: the vendor disputes this issue because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-n/aSophos Ltd.Microsoft Corporation
Product-windows_xpsophos_endpoint_security_and_controln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-n/aMicrosoft CorporationCA Technologies (Broadcom Inc.)
Product-internet_security_suite_2010windows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5155
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Blink Professional 4.6.1 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-eeyen/aMicrosoft Corporation
Product-windows_xpblinkn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5184
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.42%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-n/aCheck Point Software Technologies Ltd.Microsoft Corporation
Product-windows_xpzonealarm_extreme_securityn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5167
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-normann/aMicrosoft Corporation
Product-windows_xpsecurity_suiten/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5162
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in G DATA TotalCare 2010 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-gdatan/aMicrosoft Corporation
Product-windows_xptotalcare_2010n/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5171
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Outpost Security Suite Pro 6.7.3.3063.452.0726 and 7.0.3330.505.1221 BETA on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-agnitumn/aMicrosoft Corporation
Product-windows_xpoutpost_security_suiten/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • Previous
  • 1
  • 2
  • Next
Details not found