| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. |
| MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827. |
| In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1. |
| In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit |
| A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions. |
| Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability. |
| In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Race condition issue occurring in the physical page import process of the memory management module.
Impact: Successful exploitation of this vulnerability may affect service integrity. |
| Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool overflow. |
| TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path. |
| A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName. |
| A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability
could potentially allow a local attacker to escalate privileges via a race condition when installing packages. |
| ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip. This attack can allow to boot past (passive) application partition having lower security version of the same device even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1. |
