Total
2245 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43980 | 2 Apache, Debian | 2 Tomcat, Debian Linux | 2025-05-21 | N/A | 3.7 LOW |
| The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. | |||||
| CVE-2022-41848 | 1 Linux | 1 Linux Kernel | 2025-05-20 | N/A | 4.2 MEDIUM |
| drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. | |||||
| CVE-2025-30394 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-05-19 | N/A | 5.9 MEDIUM |
| Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-29841 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-05-19 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-27468 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-19 | N/A | 7.0 HIGH |
| Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-1493 | 1 Ibm | 1 Db2 | 2025-05-16 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources. | |||||
| CVE-2024-20007 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6739 and 31 more | 2025-05-15 | N/A | 7.5 HIGH |
| In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369. | |||||
| CVE-2024-49128 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-05-13 | N/A | 8.1 HIGH |
| Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-3886 | 1 Catonetworks | 1 Cato Client | 2025-05-12 | N/A | 8.1 HIGH |
| An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component. | |||||
| CVE-2024-24255 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-05-08 | N/A | 4.2 MEDIUM |
| A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions. | |||||
| CVE-2024-26869 | 1 Linux | 1 Linux Kernel | 2025-05-07 | N/A | 4.7 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate meta inode pages forcely Below race case can cause data corruption: Thread A GC thread - gc_data_segment - ra_data_block - locked meta_inode page - f2fs_inplace_write_data - invalidate_mapping_pages : fail to invalidate meta_inode page due to lock failure or dirty|writeback status - f2fs_submit_page_bio : write last dirty data to old blkaddr - move_data_block - load old data from meta_inode page - f2fs_submit_page_write : write old data to new blkaddr Because invalidate_mapping_pages() will skip invalidating page which has unclear status including locked, dirty, writeback and so on, so we need to use truncate_inode_pages_range() instead of invalidate_mapping_pages() to make sure meta_inode page will be dropped. | |||||
| CVE-2022-3307 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 8.8 HIGH |
| Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-32895 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 4.7 MEDIUM |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. | |||||
| CVE-2022-42791 | 1 Apple | 2 Iphone Os, Macos | 2025-05-05 | N/A | 7.0 HIGH |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-33078 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2025-05-05 | 4.7 MEDIUM | 4.7 MEDIUM |
| Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2021-33075 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2025-05-05 | 4.7 MEDIUM | 4.7 MEDIUM |
| Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-35824 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-05-05 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. | |||||
| CVE-2023-35823 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-05-05 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. | |||||
| CVE-2023-33203 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-05-05 | N/A | 6.4 MEDIUM |
| The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. | |||||
| CVE-2022-32613 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2025-05-01 | N/A | 6.4 MEDIUM |
| In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. | |||||