Total
2153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30394 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-05-19 | N/A | 5.9 MEDIUM |
|
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
|
|||||
| CVE-2025-29841 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-05-19 | N/A | 7.0 HIGH |
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-27468 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-19 | N/A | 7.0 HIGH |
|
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-1493 | 1 Ibm | 1 Db2 | 2025-05-16 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1
could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources.
|
|||||
| CVE-2025-20104 | 2025-05-16 | N/A | 7.3 HIGH | ||
|
Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-20007 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6739 and 31 more | 2025-05-15 | N/A | 7.5 HIGH |
|
In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.
|
|||||
| CVE-2024-49128 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-05-13 | N/A | 8.1 HIGH |
|
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-47545 | 1 Ays-pro | 1 Poll Maker | 2025-05-12 | N/A | 5.3 MEDIUM |
|
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through 5.7.7.
|
|||||
| CVE-2025-3886 | 1 Catonetworks | 1 Cato Client | 2025-05-12 | N/A | 8.1 HIGH |
|
An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component.
|
|||||
| CVE-2025-46336 | 2025-05-12 | N/A | 4.2 MEDIUM | ||
|
Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1 ...
Show More |
|||||
| CVE-2024-24255 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-05-08 | N/A | 4.2 MEDIUM |
|
A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions.
|
|||||
| CVE-2024-26869 | 1 Linux | 1 Linux Kernel | 2025-05-07 | N/A | 4.7 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to truncate meta inode pages forcely
Below race case can cause data corruption:
Thread A GC thread
- gc_data_segment
- ra_data_block
- locked meta_inode page
- f2fs_inplace_write_data
- invalidate_mapping_pages
: fail to invalidate meta_inode page
due to lock failure or dirty|writeback
status
- f2fs_submit_page_bio
: write last dirty data to old blkaddr
- move_data_block
- ...
Show More |
|||||
| CVE-2022-3307 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 8.8 HIGH |
|
Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2022-32895 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 4.7 MEDIUM |
|
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
|
|||||
| CVE-2022-42791 | 1 Apple | 2 Iphone Os, Macos | 2025-05-05 | N/A | 7.0 HIGH |
|
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2021-33078 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2025-05-05 | 4.7 MEDIUM | 4.7 MEDIUM |
|
Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2021-33075 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2025-05-05 | 4.7 MEDIUM | 4.7 MEDIUM |
|
Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-35824 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-05-05 | N/A | 7.0 HIGH |
|
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
|
|||||
| CVE-2023-35823 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-05-05 | N/A | 7.0 HIGH |
|
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
|
|||||
| CVE-2023-33203 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-05-05 | N/A | 6.4 MEDIUM |
|
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.
|
|||||
| CVE-2022-32613 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2025-05-01 | N/A | 6.4 MEDIUM |
|
In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340.
|
|||||
| CVE-2022-32612 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2025-05-01 | N/A | 6.4 MEDIUM |
|
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500.
|
|||||
| CVE-2022-44563 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 5.9 MEDIUM |
|
There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2022-44551 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 9.8 CRITICAL |
|
The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
|
|||||
| CVE-2024-2193 | 2025-04-30 | N/A | 5.7 MEDIUM | ||
|
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
|
|||||
| CVE-2021-47248 | 1 Linux | 1 Linux Kernel | 2025-04-30 | N/A | 4.7 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
udp: fix race between close() and udp_abort()
Kaustubh reported and diagnosed a panic in udp_lib_lookup().
The root cause is udp_abort() racing with close(). Both
racing functions acquire the socket lock, but udp{v6}_destroy_sock()
release it before performing destructive actions.
We can't easily extend the socket lock scope to avoid the race,
instead use the SOCK_DEAD flag to prevent udp_abort from doing
any action when the ...
Show More |
|||||
| CVE-2022-45885 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2025-04-29 | N/A | 7.0 HIGH |
|
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
|
|||||
| CVE-2025-46613 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable.
|
|||||
| CVE-2022-45887 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2025-04-25 | N/A | 4.7 MEDIUM |
|
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
|
|||||
| CVE-2025-37088 | 2025-04-25 | N/A | 6.8 MEDIUM | ||
|
A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access.
|
|||||
| CVE-2022-45869 | 1 Linux | 1 Linux Kernel | 2025-04-24 | N/A | 5.5 MEDIUM |
|
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
|
|||||
| CVE-2022-32621 | 2 Google, Mediatek | 3 Android, Mt6895, Mt6983 | 2025-04-24 | N/A | 6.4 MEDIUM |
|
In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Issue ID: ALPS07310829.
|
|||||
| CVE-2022-39134 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | N/A | 4.7 MEDIUM |
|
In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel.
|
|||||
| CVE-2022-42864 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-23 | N/A | 7.0 HIGH |
|
A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-42771 | 2 Google, Unisoc | 14 Android, S8020, Sc7731e and 11 more | 2025-04-23 | N/A | 4.7 MEDIUM |
|
In wlan driver, there is a race condition, This could lead to local denial of service in wlan services.
|
|||||
| CVE-2023-2006 | 2 Linux, Netapp | 2 Linux Kernel, Hci Baseboard Management Controller | 2025-04-23 | N/A | 7.0 HIGH |
|
A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
|
|||||
| CVE-2022-42770 | 2 Google, Unisoc | 14 Android, S8019, Sc7731e and 11 more | 2025-04-23 | N/A | 4.7 MEDIUM |
|
In wlan driver, there is a race condition, This could lead to local denial of service in wlan services.
|
|||||
| CVE-2021-39660 | 1 Google | 1 Android | 2025-04-22 | N/A | 7.0 HIGH |
|
In TBD of TBD, there is a possible way to archive arbitrary code execution in kernel due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-254742984
|
|||||
| CVE-2022-42806 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-22 | N/A | 7.0 HIGH |
|
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-42803 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-22 | N/A | 7.0 HIGH |
|
A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.
|
|||||