Filtered by CWE-362
Total 1969 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-49619 1 Apache 1 Answer 2025-06-11 3.1 Low
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times. Users are recommended to upgrade to version [1.2.1], which fixes the issue.
CVE-2025-24493 1 Openatom 1 Openharmony 2025-06-09 5.5 Medium
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.
CVE-2025-5054 2025-06-09 4.7 Medium
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).
CVE-2018-15687 2 Canonical, Systemd Project 2 Ubuntu Linux, Systemd 2025-06-09 7.0 High
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
CVE-2017-18018 1 Gnu 1 Coreutils 2025-06-09 7.1 High
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
CVE-2017-2616 3 Debian, Redhat, Util-linux Project 8 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 5 more 2025-06-09 N/A
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
CVE-2023-6200 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-06-05 7.5 High
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.
CVE-2024-24254 1 Dronecode 1 Px4 Drone Autopilot 2025-06-05 4.2 Medium
PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes.
CVE-2022-34696 1 Microsoft 7 Windows 10, Windows 11, Windows 8.1 and 4 more 2025-06-05 7.8 High
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-48069 1 Weaver 1 E-cology 2025-06-05 9.8 Critical
A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges
CVE-2024-35255 2 Microsoft, Redhat 5 Authentication Library, Azure Identity Sdk, Camel Quarkus and 2 more 2025-06-05 5.5 Medium
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
CVE-2024-20509 1 Cisco 50 Meraki Mx100, Meraki Mx100 Firmware, Meraki Mx105 and 47 more 2025-06-04 5.8 Medium
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device.
CVE-2025-48880 1 Freescout 1 Freescout 2025-06-04 6.6 Medium
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, when an administrative account is a deleting a user, there is the the possibility of a race condition occurring. This issue has been patched in version 1.8.181.
CVE-2025-27492 2025-06-04 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.
CVE-2025-26649 2025-06-04 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.
CVE-2022-34702 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2025-06-04 8.1 High
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2024-36615 1 Ffmpeg 1 Ffmpeg 2025-06-03 5.9 Medium
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.
CVE-2022-3328 1 Canonical 2 Snapd, Ubuntu Linux 2025-06-03 7.8 High
Race condition in snap-confine's must_mkdir_and_open_with_perms()
CVE-2024-22047 2 Collectiveidea, Redhat 2 Audited, Satellite 2025-06-03 3.1 Low
A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.
CVE-2025-40909 2025-06-03 5.9 Medium
Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6