Total
2081 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2094 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. | ||||
| CVE-2002-2244 | 1 Akfingerd | 1 Akfingerd | 2025-04-03 | N/A |
| Akfingerd 0.5 and earlier versions allow local users to cause a denial of service (crash) via a .plan with a symlink to /dev/urandom or other device, then disconnecting while data is being transferred, which causes a SIGPIPE error that Akfingerd cannot handle. | ||||
| CVE-2000-0864 | 1 Gnome | 1 Esound | 2025-04-03 | N/A |
| Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack. | ||||
| CVE-2002-2374 | 1 Sun | 1 Patchpro | 2025-04-03 | N/A |
| Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." | ||||
| CVE-2003-1438 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user. | ||||
| CVE-2004-2491 | 1 Opera | 1 Opera Browser | 2025-04-03 | N/A |
| A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks. | ||||
| CVE-2023-24042 | 1 Lightftp Project | 1 Lightftp | 2025-04-02 | 7.5 High |
| A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName. | ||||
| CVE-2024-9936 | 1 Mozilla | 1 Firefox | 2025-03-31 | 6.5 Medium |
| When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3. | ||||
| CVE-2024-0041 | 1 Google | 1 Android | 2025-03-28 | 8.4 High |
| In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2021-46873 | 2 Microsoft, Wireguard | 2 Windows, Wireguard | 2025-03-28 | 5.3 Medium |
| WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless. | ||||
| CVE-2021-36532 | 1 Portfoliocms Project | 1 Portfoliocms | 2025-03-26 | 8.1 High |
| Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php. | ||||
| CVE-2022-42951 | 1 Couchbase | 1 Couchbase Server | 2025-03-26 | 8.1 High |
| An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials. | ||||
| CVE-2022-47331 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 4.7 Medium |
| In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. | ||||
| CVE-2023-0739 | 1 Answer | 1 Answer | 2025-03-25 | 6.8 Medium |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4. | ||||
| CVE-2021-4207 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2025-03-21 | 8.2 High |
| A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | ||||
| CVE-2023-23039 | 1 Linux | 1 Linux Kernel | 2025-03-20 | 5.7 Medium |
| An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). | ||||
| CVE-2024-26578 | 1 Apache | 1 Answer | 2025-03-20 | 5.9 Medium |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name. Users are recommended to upgrade to version [1.2.5], which fixes the issue. | ||||
| CVE-2020-19824 | 1 Mpv | 1 Mpv | 2025-03-19 | 7 High |
| An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter. | ||||
| CVE-2024-31327 | 1 Google | 1 Android | 2025-03-14 | 5.3 Medium |
| In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-52553 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.4 High |
| Race condition vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||