Race Condition
Monthly
Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.
Race condition in snap-confine's must_mkdir_and_open_with_perms(). Rated high severity (CVSS 7.8). Public exploit code available.
A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.
Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas. Rated medium severity (CVSS 4.7). No vendor patch available.
there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
A race condition in go-resty can result in HTTP request body disclosure across requests. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Hyperledger Fabric is an open source permissioned distributed ledger framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
ZITADEL provides identity infrastructure. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. Rated high severity (CVSS 7.0). No vendor patch available.
In tbd of tbd, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
Windows Kernel Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A flaw was found in the Netfilter subsystem of the Linux kernel. Rated medium severity (CVSS 4.7). Public exploit code available.
A race condition was addressed with improved locking. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
In camsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In pda, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In ims service, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In imgsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
Race conditions in reference counting code were found through code inspection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Discourse is an open source discussion platform. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.
Windows Search Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
ASP.NET and Visual Studio Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. Rated medium severity (CVSS 4.7).
A race condition exists in the Tang server functionality for key generation and key rotation. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available.
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
In display, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. Rated medium severity (CVSS 4.1). No vendor patch available.
A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).
An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).
An issue was discovered in the Linux kernel through 6.3.8. Rated high severity (CVSS 7.0).
An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).
An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).
An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).
In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. Rated medium severity (CVSS 4.7). No vendor patch available.
In swpm, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 4.1). No vendor patch available.
In vcu, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Libarchive through 3.6.2 can cause directories to have world-writable permissions. Rated medium severity (CVSS 5.3). No vendor patch available.
The Gallery app has the risk of hijacking attacks. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.
VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
This issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A race condition was addressed with improved locking. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. Rated high severity (CVSS 7.0).
An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. Rated medium severity (CVSS 4.7). No vendor patch available.
A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. Rated high severity (CVSS 7.0). No vendor patch available.
@web3-react is a framework for building Ethereum Apps . Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.
A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.
PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
In display drm, there is a possible double free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In display drm, there is a possible double free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In vdec, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In vdec, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. Rated medium severity (CVSS 4.7). No vendor patch available.
KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.
An issue was discovered in the Linux kernel through 6.2.0-rc2. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required.
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
efs-utils is a set of Utilities for Amazon Elastic File System (EFS). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable.
A race condition can cause incorrect HTTP request routing. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.
Race condition in snap-confine's must_mkdir_and_open_with_perms(). Rated high severity (CVSS 7.8). Public exploit code available.
A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.
Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas. Rated medium severity (CVSS 4.7). No vendor patch available.
there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
A race condition in go-resty can result in HTTP request body disclosure across requests. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Hyperledger Fabric is an open source permissioned distributed ledger framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
ZITADEL provides identity infrastructure. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. Rated high severity (CVSS 7.0). No vendor patch available.
In tbd of tbd, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
Windows Kernel Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A flaw was found in the Netfilter subsystem of the Linux kernel. Rated medium severity (CVSS 4.7). Public exploit code available.
A race condition was addressed with improved locking. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
In camsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In pda, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In ims service, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In imgsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
Race conditions in reference counting code were found through code inspection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Discourse is an open source discussion platform. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.
Windows Search Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
ASP.NET and Visual Studio Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. Rated medium severity (CVSS 4.7).
A race condition exists in the Tang server functionality for key generation and key rotation. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available.
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
In display, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. Rated medium severity (CVSS 4.1). No vendor patch available.
A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).
An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).
An issue was discovered in the Linux kernel through 6.3.8. Rated high severity (CVSS 7.0).
An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).
An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).
An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).
In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. Rated medium severity (CVSS 4.7). No vendor patch available.
In swpm, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 4.1). No vendor patch available.
In vcu, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Libarchive through 3.6.2 can cause directories to have world-writable permissions. Rated medium severity (CVSS 5.3). No vendor patch available.
The Gallery app has the risk of hijacking attacks. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.
VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
This issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A race condition was addressed with improved locking. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. Rated high severity (CVSS 7.0).
An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. Rated medium severity (CVSS 4.7). No vendor patch available.
A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. Rated high severity (CVSS 7.0). No vendor patch available.
@web3-react is a framework for building Ethereum Apps . Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.
A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.
PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
In display drm, there is a possible double free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In display drm, there is a possible double free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In vdec, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In vdec, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. Rated medium severity (CVSS 4.7). No vendor patch available.
KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.
An issue was discovered in the Linux kernel through 6.2.0-rc2. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required.
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
efs-utils is a set of Utilities for Amazon Elastic File System (EFS). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable.
A race condition can cause incorrect HTTP request routing. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.