Total
1978 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4801 | 1 Roxio | 1 Toast | 2025-04-03 | N/A |
| Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges. | ||||
| CVE-2000-0864 | 1 Gnome | 1 Esound | 2025-04-03 | N/A |
| Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack. | ||||
| CVE-2004-2491 | 1 Opera | 1 Opera Browser | 2025-04-03 | N/A |
| A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks. | ||||
| CVE-2003-1438 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user. | ||||
| CVE-2003-1562 | 1 Openbsd | 1 Openssh | 2025-04-03 | N/A |
| sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190. | ||||
| CVE-2004-2659 | 2 Mozilla, Opera | 2 Mozilla, Opera Browser | 2025-04-03 | N/A |
| Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407. | ||||
| CVE-2006-0039 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE. | ||||
| CVE-2006-1057 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2025-04-03 | N/A |
| Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. | ||||
| CVE-2023-24042 | 1 Lightftp Project | 1 Lightftp | 2025-04-02 | 7.5 High |
| A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName. | ||||
| CVE-2025-21278 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-04-02 | 6.2 Medium |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | ||||
| CVE-2024-9936 | 1 Mozilla | 1 Firefox | 2025-03-31 | 6.5 Medium |
| When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3. | ||||
| CVE-2024-0041 | 1 Google | 1 Android | 2025-03-28 | 8.4 High |
| In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2021-46873 | 2 Microsoft, Wireguard | 2 Windows, Wireguard | 2025-03-28 | 5.3 Medium |
| WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless. | ||||
| CVE-2025-24808 | 2025-03-27 | 4.3 Medium | ||
| Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due to a race condition. The patch in versions `3.3.4` and `3.4.0.beta5` uses the `lock` step in service to wrap part of the `add_users_to_channel` service inside a distributed lock/mutex in order to avoid the race condition. | ||||
| CVE-2024-23275 | 1 Apple | 1 Macos | 2025-03-27 | 4.7 Medium |
| A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access protected user data. | ||||
| CVE-2021-36532 | 1 Portfoliocms Project | 1 Portfoliocms | 2025-03-26 | 8.1 High |
| Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php. | ||||
| CVE-2024-27823 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-26 | 5.9 Medium |
| A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5. An attacker in a privileged network position may be able to spoof network packets. | ||||
| CVE-2022-42951 | 1 Couchbase | 1 Couchbase Server | 2025-03-26 | 8.1 High |
| An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials. | ||||
| CVE-2022-47331 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 4.7 Medium |
| In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. | ||||
| CVE-2023-0739 | 1 Answer | 1 Answer | 2025-03-25 | 6.8 Medium |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4. | ||||