Total
1968 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2616 | 3 Debian, Redhat, Util-linux Project | 8 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-06-09 | N/A |
| A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. | ||||
| CVE-2023-6200 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-06-05 | 7.5 High |
| A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution. | ||||
| CVE-2024-24254 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-06-05 | 4.2 Medium |
| PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes. | ||||
| CVE-2022-34696 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2025-06-05 | 7.8 High |
| Windows Hyper-V Remote Code Execution Vulnerability | ||||
| CVE-2024-48069 | 1 Weaver | 1 E-cology | 2025-06-05 | 9.8 Critical |
| A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges | ||||
| CVE-2024-35255 | 2 Microsoft, Redhat | 5 Authentication Library, Azure Identity Sdk, Camel Quarkus and 2 more | 2025-06-05 | 5.5 Medium |
| Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | ||||
| CVE-2024-20509 | 1 Cisco | 50 Meraki Mx100, Meraki Mx100 Firmware, Meraki Mx105 and 47 more | 2025-06-04 | 5.8 Medium |
| A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device. | ||||
| CVE-2025-48880 | 1 Freescout | 1 Freescout | 2025-06-04 | 6.6 Medium |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, when an administrative account is a deleting a user, there is the the possibility of a race condition occurring. This issue has been patched in version 1.8.181. | ||||
| CVE-2025-27492 | 2025-06-04 | 7 High | ||
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26649 | 2025-06-04 | 7 High | ||
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2022-34702 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-04 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2024-36615 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 5.9 Medium |
| FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. | ||||
| CVE-2022-3328 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2025-06-03 | 7.8 High |
| Race condition in snap-confine's must_mkdir_and_open_with_perms() | ||||
| CVE-2024-22047 | 2 Collectiveidea, Redhat | 2 Audited, Satellite | 2025-06-03 | 3.1 Low |
| A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user. | ||||
| CVE-2025-40909 | 2025-06-03 | 5.9 Medium | ||
| Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6 | ||||
| CVE-2022-26765 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-30 | 4.7 Medium |
| A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | ||||
| CVE-2024-23651 | 1 Mobyproject | 1 Buildkit | 2025-05-29 | 8.7 High |
| BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options. | ||||
| CVE-2016-20015 | 1 Smokeping | 1 Smokeping | 2025-05-29 | 7.5 High |
| In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown. | ||||
| CVE-2025-46805 | 2025-05-28 | 5.5 Medium | ||
| Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root. | ||||
| CVE-2025-46802 | 2025-05-28 | 6 Medium | ||
| For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session. | ||||