Total
1904 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4883 | 1 Philippe Jounin | 1 Tftpd32 | 2024-11-21 | N/A |
| Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid "connect frames." | ||||
| CVE-2005-3240 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
| Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. | ||||
| CVE-2005-2352 | 1 Gs-gpl Project | 1 Gs-gpl | 2024-11-20 | 8.1 High |
| I race condition in Temp files was found in gs-gpl before 8.56 addons scripts. | ||||
| CVE-2004-2698 | 1 Imwheel | 1 Imwheel | 2024-11-20 | N/A |
| Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file. | ||||
| CVE-2004-2697 | 1 Ibm | 1 Aix | 2024-11-20 | N/A |
| The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002. | ||||
| CVE-2004-2659 | 2 Mozilla, Opera | 2 Mozilla, Opera Browser | 2024-11-20 | N/A |
| Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407. | ||||
| CVE-2004-2491 | 1 Opera | 1 Opera Browser | 2024-11-20 | N/A |
| A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks. | ||||
| CVE-2003-1562 | 1 Openbsd | 1 Openssh | 2024-11-20 | N/A |
| sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190. | ||||
| CVE-2003-1438 | 1 Bea | 1 Weblogic Server | 2024-11-20 | N/A |
| Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user. | ||||
| CVE-2002-2374 | 1 Sun | 1 Patchpro | 2024-11-20 | N/A |
| Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." | ||||
| CVE-2002-2244 | 1 Akfingerd | 1 Akfingerd | 2024-11-20 | N/A |
| Akfingerd 0.5 and earlier versions allow local users to cause a denial of service (crash) via a .plan with a symlink to /dev/urandom or other device, then disconnecting while data is being transferred, which causes a SIGPIPE error that Akfingerd cannot handle. | ||||
| CVE-2000-0864 | 1 Gnome | 1 Esound | 2024-11-20 | N/A |
| Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack. | ||||
| CVE-1999-0861 | 1 Microsoft | 4 Commercial Internet System, Internet Information Server, Site Server and 1 more | 2024-11-20 | N/A |
| Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. | ||||
| CVE-2024-29211 | 1 Ivanti | 1 Secure Access Client | 2024-11-14 | 4.7 Medium |
| A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. | ||||
| CVE-2024-51515 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 6.2 Medium |
| Race condition vulnerability in the kernel network module Impact:Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-9936 | 2024-11-06 | 6.5 Medium | ||
| When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3. | ||||
| CVE-2024-47827 | 1 Argo Workflows Project | 1 Argo Workflows | 2024-11-05 | 5.7 Medium |
| Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2. | ||||
| CVE-2024-10468 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-04 | 9.8 Critical |
| Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132. | ||||
| CVE-2024-47870 | 1 Gradio Project | 1 Gradio | 2024-10-17 | 8.1 High |
| Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition. Users are advised to upgrade to `gradio>=5` to address this issue. There are no known workarounds for this issue. | ||||
| CVE-2024-43701 | 1 Imaginationtech | 1 Graphics Ddk | 2024-10-15 | 7.8 High |
| Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | ||||