Vulnerabilities (CVE)

Filtered by CWE-362
Total 1897 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8997 1 Google 1 Android 2025-04-20 7.6 HIGH 7.0 HIGH
In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel.
CVE-2017-10914 1 Xen 1 Xen 2025-04-20 6.8 MEDIUM 8.1 HIGH
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
CVE-2017-0161 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 6.8 MEDIUM 8.1 HIGH
The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability".
CVE-2022-22763 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2025-04-16 N/A 8.8 HIGH
When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.
CVE-2022-22746 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2025-04-16 N/A 5.9 MEDIUM
A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-22737 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2025-04-16 N/A 7.5 HIGH
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-36318 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2025-04-15 N/A 5.3 MEDIUM
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
CVE-2022-42930 1 Mozilla 1 Firefox 2025-04-15 N/A 7.1 HIGH
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106.
CVE-2025-31188 1 Apple 1 Macos 2025-04-15 N/A 7.8 HIGH
A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to bypass Privacy preferences.
CVE-2015-7312 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-12 4.4 MEDIUM N/A
Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.
CVE-2015-6789 1 Google 1 Chrome 2025-04-12 9.3 HIGH N/A
Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.
CVE-2014-9150 2 Adobe, Microsoft 3 Acrobat, Acrobat Reader, Windows 2025-04-12 6.4 MEDIUM N/A
Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.
CVE-2015-4203 1 Cisco 2 Ios, Ubr10000 Cable Modem Termination System 2025-04-12 5.4 MEDIUM N/A
Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.
CVE-2015-8461 1 Isc 1 Bind 2025-04-12 7.1 HIGH N/A
Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.
CVE-2014-0226 4 Apache, Debian, Oracle and 1 more 7 Http Server, Debian Linux, Enterprise Manager Ops Center and 4 more 2025-04-12 6.8 MEDIUM N/A
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
CVE-2016-4583 2 Apple, Webkitgtk 5 Iphone Os, Safari, Tvos and 2 more 2025-04-12 2.6 LOW 3.1 LOW
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.
CVE-2015-0608 1 Cisco 1 Ios 2025-04-12 7.1 HIGH N/A
Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736.
CVE-2016-6480 1 Linux 1 Linux Kernel 2025-04-12 4.7 MEDIUM 5.1 MEDIUM
Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.
CVE-2015-0632 1 Cisco 2 Ios, Ios Xe 2025-04-12 5.7 MEDIUM N/A
Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.
CVE-2015-2234 1 Lenovo 1 System Update 2025-04-12 6.9 MEDIUM N/A
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.