Total
2084 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36615 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 5.9 Medium |
| FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. | ||||
| CVE-2022-3328 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2025-06-03 | 7.8 High |
| Race condition in snap-confine's must_mkdir_and_open_with_perms() | ||||
| CVE-2024-22047 | 2 Collectiveidea, Redhat | 2 Audited, Satellite | 2025-06-03 | 3.1 Low |
| A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user. | ||||
| CVE-2022-26765 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-30 | 4.7 Medium |
| A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | ||||
| CVE-2024-23651 | 1 Mobyproject | 1 Buildkit | 2025-05-29 | 8.7 High |
| BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options. | ||||
| CVE-2016-20015 | 1 Smokeping | 1 Smokeping | 2025-05-29 | 7.5 High |
| In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown. | ||||
| CVE-2025-46805 | 2025-05-28 | 5.5 Medium | ||
| Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root. | ||||
| CVE-2025-48751 | 2025-05-28 | 2.9 Low | ||
| The process_lock crate 0.1.0 for Rust allows data races in unlock. | ||||
| CVE-2025-48753 | 2025-05-28 | 2.9 Low | ||
| In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock. | ||||
| CVE-2023-45864 | 1 Samsung | 14 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 11 more | 2025-05-22 | 4 Medium |
| A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas. | ||||
| CVE-2022-2857 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | 8.8 High |
| Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-2854 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | 8.8 High |
| Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2025-0372 | 2025-05-21 | N/A | ||
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1. | ||||
| CVE-2025-3608 | 1 Mozilla | 1 Firefox | 2025-05-21 | 6.5 Medium |
| A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2. | ||||
| CVE-2022-3042 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2025-05-21 | 8.8 High |
| Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-3303 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-05-21 | 4.7 Medium |
| A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition | ||||
| CVE-2022-3071 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2025-05-21 | 8.8 High |
| Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. | ||||
| CVE-2022-3049 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2025-05-21 | 8.8 High |
| Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-43980 | 3 Apache, Debian, Redhat | 3 Tomcat, Debian Linux, Jboss Enterprise Web Server | 2025-05-21 | 3.7 Low |
| The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. | ||||
| CVE-2023-33110 | 1 Qualcomm | 246 Snapdragon 425 Mobile Platform, Snapdragon 425 Mobile Platform Firmware, Snapdragon 427 Mobile Platform and 243 more | 2025-05-21 | 7.8 High |
| The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption. | ||||