Search Results (4086 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0804 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2026-04-16 N/A
Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.
CVE-2003-0813 1 Microsoft 5 Windows 2000, Windows 98, Windows Nt and 2 more 2026-04-16 N/A
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
CVE-2002-2374 1 Sun 1 Patchpro 2026-04-16 N/A
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."
CVE-2006-2094 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
CVE-1999-0035 2 Gnu, Sgi 2 Inet, Irix 2026-04-16 5.4 Medium
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
CVE-2005-1111 4 Canonical, Debian, Gnu and 1 more 4 Ubuntu Linux, Debian Linux, Cpio and 1 more 2026-04-16 4.7 Medium
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
CVE-2026-23207 1 Linux 1 Linux Kernel 2026-04-15 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer check in IRQ handler Now that all other accesses to curr_xfer are done under the lock, protect the curr_xfer NULL check in tegra_qspi_isr_thread() with the spinlock. Without this protection, the following race can occur: CPU0 (ISR thread) CPU1 (timeout path) ---------------- ------------------- if (!tqspi->curr_xfer) // sees non-NULL spin_lock() tqspi->curr_xfer = NULL spin_unlock() handle_*_xfer() spin_lock() t = tqspi->curr_xfer // NULL! ... t->len ... // NULL dereference! With this patch, all curr_xfer accesses are now properly synchronized. Although all accesses to curr_xfer are done under the lock, in tegra_qspi_isr_thread() it checks for NULL, releases the lock and reacquires it later in handle_cpu_based_xfer()/handle_dma_based_xfer(). There is a potential for an update in between, which could cause a NULL pointer dereference. To handle this, add a NULL check inside the handlers after acquiring the lock. This ensures that if the timeout path has already cleared curr_xfer, the handler will safely return without dereferencing the NULL pointer.
CVE-2026-34857 1 Huawei 1 Harmonyos 2026-04-15 4.7 Medium
UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-34858 1 Huawei 1 Harmonyos 2026-04-15 4.1 Medium
UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-34861 1 Huawei 1 Harmonyos 2026-04-15 6.3 Medium
Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-34862 1 Huawei 1 Harmonyos 2026-04-15 6.3 Medium
Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-27222 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2026-04-15 5.5 Medium
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-21234 1 Microsoft 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more 2026-04-15 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2026-21523 1 Microsoft 2 Visual Studio Code, Visual Studio Code Copilot Chat Extension 2026-04-15 8 High
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
CVE-2026-21240 1 Microsoft 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more 2026-04-15 7.8 High
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21237 1 Microsoft 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more 2026-04-15 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CVE-2026-21231 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-04-15 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-2802 1 Mozilla 2 Firefox, Thunderbird 2026-04-15 4.2 Medium
Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVE-2026-28549 1 Huawei 1 Harmonyos 2026-04-15 6.6 Medium
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-32887 2 Effect Project, Effectful 2 Effect, Effect 2026-04-15 7.4 High
Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using `RpcServer.toWebHandler` (or `HttpApp.toWebHandlerRuntime`) inside a Next.js App Router route handler, any Node.js `AsyncLocalStorage`-dependent API called from within an Effect fiber can read another concurrent request's context — or no context at all. Under production traffic, `auth()` from `@clerk/nextjs/server` returns a different user's session. Version 3.20.0 contains a fix for the issue.