CWE:
 

Topic
Date
Author
Med.
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read
25.04.2017
Matt Bergin
Med.
SAP MII 15.0 Directory Traversal
17.05.2016
Dmitry Chastuhin
Med.
Infoware MapSuite Path Traversal
04.06.2014
Christian


CVEMAP Search Results

CVE
Details
Description
2015-02-12
Medium
CVE-2014-4813

Vendor: IBM
Software: Tivoli stora...
 

 
Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors.

 
2015-01-23
Low
CVE-2015-1200

Vendor: Pxz project
Software: PXZ
 

 
Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions.

 
2014-12-17
Low
CVE-2014-7170

Vendor: Puppetlabs
Software: Puppet server
 

 
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

 
2014-11-29
Medium
CVE-2014-9150

Vendor: Adobe
Software: Acrobat
 

 
Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.

 
2014-11-25
Medium
CVE-2014-8005

Vendor: Cisco
Software: Ios xr
 

 
Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.

 
2014-10-18
Medium
CVE-2014-3406

Vendor: Cisco
Software: Intrusion pr...
 

 
Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085.

 
2014-10-10
High
CVE-2014-3385

Vendor: Cisco
Software: ASA
 

 
Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers to cause a denial of service (device reload) via TCP traffic that triggers many half-open connections at the same time, aka Bug ID CSCum00556.

 
2014-09-30
Low
CVE-2012-5507

Vendor: Plone
Software: Plone
 

 
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

 
2014-08-19
Medium
CVE-2014-5033

Vendor: Debian
Software: Kde4libs
 

 
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

 
2014-08-12
Medium
CVE-2014-3251

Vendor: Puppetlabs
Software: Mcollective
 

 
The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.

 

 


Copyright 2017, cxsecurity.com