Search Results (4067 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0039 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.
CVE-2004-2659 2 Mozilla, Opera 2 Mozilla, Opera Browser 2026-04-16 N/A
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
CVE-1999-0861 1 Microsoft 4 Commercial Internet System, Internet Information Server, Site Server and 1 more 2026-04-16 N/A
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
CVE-2003-0813 1 Microsoft 5 Windows 2000, Windows 98, Windows Nt and 2 more 2026-04-16 N/A
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
CVE-2004-2698 1 Imwheel 1 Imwheel 2026-04-16 N/A
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.
CVE-2003-1438 1 Bea 1 Weblogic Server 2026-04-16 N/A
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
CVE-1999-0035 2 Gnu, Sgi 2 Inet, Irix 2026-04-16 5.4 Medium
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
CVE-2026-23207 1 Linux 1 Linux Kernel 2026-04-15 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer check in IRQ handler Now that all other accesses to curr_xfer are done under the lock, protect the curr_xfer NULL check in tegra_qspi_isr_thread() with the spinlock. Without this protection, the following race can occur: CPU0 (ISR thread) CPU1 (timeout path) ---------------- ------------------- if (!tqspi->curr_xfer) // sees non-NULL spin_lock() tqspi->curr_xfer = NULL spin_unlock() handle_*_xfer() spin_lock() t = tqspi->curr_xfer // NULL! ... t->len ... // NULL dereference! With this patch, all curr_xfer accesses are now properly synchronized. Although all accesses to curr_xfer are done under the lock, in tegra_qspi_isr_thread() it checks for NULL, releases the lock and reacquires it later in handle_cpu_based_xfer()/handle_dma_based_xfer(). There is a potential for an update in between, which could cause a NULL pointer dereference. To handle this, add a NULL check inside the handlers after acquiring the lock. This ensures that if the timeout path has already cleared curr_xfer, the handler will safely return without dereferencing the NULL pointer.
CVE-2026-34857 1 Huawei 1 Harmonyos 2026-04-15 4.7 Medium
UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-34858 1 Huawei 1 Harmonyos 2026-04-15 4.1 Medium
UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-34861 1 Huawei 1 Harmonyos 2026-04-15 6.3 Medium
Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-34862 1 Huawei 1 Harmonyos 2026-04-15 6.3 Medium
Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-27222 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2026-04-15 5.5 Medium
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-21234 1 Microsoft 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more 2026-04-15 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2026-21523 1 Microsoft 2 Visual Studio Code, Visual Studio Code Copilot Chat Extension 2026-04-15 8 High
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
CVE-2026-21240 1 Microsoft 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more 2026-04-15 7.8 High
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21237 1 Microsoft 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more 2026-04-15 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CVE-2026-21231 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-04-15 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-2802 1 Mozilla 2 Firefox, Thunderbird 2026-04-15 4.2 Medium
Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVE-2026-28549 1 Huawei 1 Harmonyos 2026-04-15 6.6 Medium
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.