Total
454 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-38352 | 1 Linux | 1 Linux Kernel | 2025-09-05 | N/A | 7.4 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case. | |||||
| CVE-2024-10972 | 2025-09-05 | N/A | 7.3 HIGH | ||
| Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations. | |||||
| CVE-2024-2440 | 1 Github | 1 Enterprise Server | 2025-09-02 | N/A | 5.5 MEDIUM |
| A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.9.13, 3.10.10, 3.11.8 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2025-9810 | 2025-09-02 | N/A | 6.8 MEDIUM | ||
| TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path. | |||||
| CVE-2021-3899 | 1 Canonical | 2 Apport, Ubuntu Linux | 2025-08-26 | N/A | 7.8 HIGH |
| There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. | |||||
| CVE-2025-44002 | 2025-08-26 | N/A | 6.1 MEDIUM | ||
| Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification. | |||||
| CVE-2025-3599 | 1 Broadcom | 2 Symantec Endpoint Protection, Symantec Eraser Engine | 2025-08-21 | N/A | 6.5 MEDIUM |
| Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user. | |||||
| CVE-2024-43067 | 1 Qualcomm | 116 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 113 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory. | |||||
| CVE-2025-21485 | 1 Qualcomm | 58 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 55 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC. | |||||
| CVE-2024-53018 | 1 Qualcomm | 38 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 35 more | 2025-08-20 | N/A | 6.6 MEDIUM |
| Memory corruption may occur while processing the OIS packet parser. | |||||
| CVE-2024-53016 | 1 Qualcomm | 68 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 65 more | 2025-08-20 | N/A | 6.6 MEDIUM |
| Memory corruption while processing I2C settings in Camera driver. | |||||
| CVE-2025-21455 | 1 Qualcomm | 58 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 55 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while submitting blob data to kernel space though IOCTL. | |||||
| CVE-2025-54655 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 8.1 HIGH |
| Race condition vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module. | |||||
| CVE-2024-41787 | 1 Ibm | 1 Doors Next | 2025-08-20 | N/A | 9.8 CRITICAL |
| IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | |||||
| CVE-2025-21431 | 1 Qualcomm | 72 Qam8255p, Qam8255p Firmware, Qam8295p and 69 more | 2025-08-19 | N/A | 5.5 MEDIUM |
| Information disclosure may be there when a guest VM is connected. | |||||
| CVE-2025-53134 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-19 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-21473 | 1 Qualcomm | 12 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 9 more | 2025-08-19 | N/A | 7.8 HIGH |
| Memory corruption when using Virtual cdm (Camera Data Mover) to write registers. | |||||
| CVE-2025-27076 | 1 Qualcomm | 90 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 87 more | 2025-08-19 | N/A | 7.8 HIGH |
| Memory corruption while processing simultaneous requests via escape path. | |||||
| CVE-2025-6217 | 1 Peak-system | 1 Device Driver | 2025-08-18 | N/A | 2.5 LOW |
| PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the PCANFD_ADD_FILTERS IOCTL. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-24161. | |||||
| CVE-2025-53788 | 1 Microsoft | 1 Windows Subsystem For Linux | 2025-08-18 | N/A | 7.0 HIGH |
| Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | |||||