ReportizFlow
Filtered by vendor
Subscriptions
Total
2082 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49106 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-05-13 | 8.1 High |
| Windows Remote Desktop Services Remote Code Execution Vulnerability | ||||
| CVE-2024-49097 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-05-13 | 7 High |
| Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | ||||
| CVE-2024-49084 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-13 | 7 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-49059 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-05-13 | 7 High |
| Microsoft Office Elevation of Privilege Vulnerability | ||||
| CVE-2025-47545 | 1 Ays-pro | 1 Poll Maker | 2025-05-12 | 5.3 Medium |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through 5.7.7. | ||||
| CVE-2021-47351 | 1 Linux | 1 Linux Kernel | 2025-05-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set|get} and listxattr operations, such as assertion failure, memory corruption, stale xattr value[1]. Fix it by importing a new rw-lock in @ubifs_inode to serilize write operations on xattr, concurrent read operations are still effective, just like ext4. [1] https://lore.kernel.org/linux-mtd/[email protected] | ||||
| CVE-2025-3886 | 1 Catonetworks | 1 Cato Client | 2025-05-12 | 8.1 High |
| An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component. | ||||
| CVE-2025-46336 | 2025-05-12 | 4.2 Medium | ||
| Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1. | ||||
| CVE-2025-47735 | 2025-05-12 | 2.9 Low | ||
| inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization. | ||||
| CVE-2022-22208 | 1 Juniper | 2 Junos, Junos Os Evolved | 2025-05-12 | 5.9 Medium |
| A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker's control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: All versions prior to 18.4R2-S9, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 version 19.2R1 and later versions; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R2-S1, 21.2R3. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. | ||||
| CVE-2024-39501 | 1 Redhat | 1 Enterprise Linux | 2025-05-10 | 4.7 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-24255 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-05-08 | 4.2 Medium |
| A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions. | ||||
| CVE-2022-27626 | 1 Synology | 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more | 2025-05-08 | 10 Critical |
| A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | ||||
| CVE-2024-26869 | 1 Linux | 1 Linux Kernel | 2025-05-07 | 4.7 Medium |
| In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate meta inode pages forcely Below race case can cause data corruption: Thread A GC thread - gc_data_segment - ra_data_block - locked meta_inode page - f2fs_inplace_write_data - invalidate_mapping_pages : fail to invalidate meta_inode page due to lock failure or dirty|writeback status - f2fs_submit_page_bio : write last dirty data to old blkaddr - move_data_block - load old data from meta_inode page - f2fs_submit_page_write : write old data to new blkaddr Because invalidate_mapping_pages() will skip invalidating page which has unclear status including locked, dirty, writeback and so on, so we need to use truncate_inode_pages_range() instead of invalidate_mapping_pages() to make sure meta_inode page will be dropped. | ||||
| CVE-2022-3307 | 1 Google | 1 Chrome | 2025-05-06 | 8.8 High |
| Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2022-32895 | 1 Apple | 1 Macos | 2025-05-06 | 4.7 Medium |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. | ||||
| CVE-2022-42791 | 1 Apple | 2 Iphone Os, Macos | 2025-05-05 | 7 High |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2021-33078 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2025-05-05 | 4.7 Medium |
| Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2021-33075 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2025-05-05 | 4.7 Medium |
| Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2023-35824 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2025-05-05 | 7 High |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. | ||||