Total
1513 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-20902 | 1 Linuxfoundation | 1 Harbor | 2024-02-28 | N/A | 6.5 MEDIUM |
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information. | |||||
CVE-2023-30954 | 1 Palantir | 1 Video-application-server | 2024-02-28 | N/A | 3.7 LOW |
The Gotham video-application-server service contained a race condition which would cause it to not apply certain ACLs to new videos if the source system had not yet initialized. | |||||
CVE-2024-24864 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 4.7 MEDIUM |
A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | |||||
CVE-2023-49786 | 2 Digium, Sangoma | 2 Asterisk, Certified Asterisk | 2024-02-28 | N/A | 5.9 MEDIUM |
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, and 18.9-cert6. | |||||
CVE-2023-4642 | 1 Kamalkhan | 1 Kk Star Ratings | 2024-02-28 | N/A | 5.9 MEDIUM |
The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user to vote multiple times on a poll due to a race condition. | |||||
CVE-2024-23651 | 1 Mobyproject | 1 Buildkit | 2024-02-28 | N/A | 7.4 HIGH |
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options. | |||||
CVE-2023-6109 | 1 Yop-poll | 1 Yop Poll | 2024-02-28 | N/A | 3.7 LOW |
The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to one vote per person. | |||||
CVE-2024-23196 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 4.7 MEDIUM |
A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | |||||
CVE-2023-20571 | 1 Amd | 142 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 139 more | 2024-02-28 | N/A | 8.1 HIGH |
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. | |||||
CVE-2023-5676 | 1 Eclipse | 1 Openj9 | 2024-02-28 | N/A | 5.9 MEDIUM |
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. | |||||
CVE-2023-6200 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 7.5 HIGH |
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution. | |||||
CVE-2024-24255 | 1 Dronecode | 1 Px4 Drone Autopilot | 2024-02-28 | N/A | 4.2 MEDIUM |
A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions. | |||||
CVE-2024-20007 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6739 and 31 more | 2024-02-28 | N/A | 7.5 HIGH |
In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369. | |||||
CVE-2024-26578 | | | 2024-02-28 | N/A | N/A |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name. Users are recommended to upgrade to version [1.2.5], which fixes the issue. | |||||
CVE-2022-3328 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2024-02-28 | N/A | 7.0 HIGH |
Race condition in snap-confine's must_mkdir_and_open_with_perms() | |||||
CVE-2023-45286 | 1 Resty Project | 1 Resty | 2024-02-28 | N/A | 5.9 MEDIUM |
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body. | |||||
CVE-2022-48613 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 5.9 MEDIUM |
Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed. | |||||
CVE-2024-21601 | 1 Juniper | 1 Junos | 2024-02-28 | N/A | 5.9 MEDIUM |
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On SRX Series devices, when two different threads try to simultaneously process a queue which is used for TCP events, flowd will crash. One of these threads cannot be triggered externally, so the exploitation of this race condition is outside the attacker's direct control. Continued exploitation of this issue will lead to a sustained DoS. This issue affects Juniper Networks Junos OS: * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2-S1, 22.4R3. This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1. | |||||
CVE-2024-0605 | 1 Mozilla | 1 Firefox Focus | 2024-02-28 | N/A | 7.5 HIGH |
Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122. | |||||
CVE-2024-24855 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 4.7 MEDIUM |
A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. |