Total
1513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20801 | 3 Google, Linuxfoundation, Mediatek | 9 Android, Yocto, Mt6879 and 6 more | 2024-02-28 | N/A | 6.4 MEDIUM |
| In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968. | |||||
| CVE-2023-38538 | 1 Whatsapp | 1 Whatsapp | 2024-02-28 | N/A | 5.0 MEDIUM |
| A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | |||||
| CVE-2023-38537 | 1 Whatsapp | 1 Whatsapp | 2024-02-28 | N/A | 5.6 MEDIUM |
| A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | |||||
| CVE-2022-48566 | 3 Debian, Netapp, Python | 4 Debian Linux, Active Iq Unified Manager, Converged Systems Advisor Agent and 1 more | 2024-02-28 | N/A | 5.9 MEDIUM |
| An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | |||||
| CVE-2023-32570 | 2 Fedoraproject, Videolan | 2 Fedora, Dav1d | 2024-02-28 | N/A | 5.9 MEDIUM |
| VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | |||||
| CVE-2023-28125 | 1 Ivanti | 1 Avalanche | 2024-02-28 | N/A | 5.9 MEDIUM |
| An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass. | |||||
| CVE-2023-28320 | 3 Apple, Haxx, Netapp | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2024-02-28 | N/A | 5.9 MEDIUM |
| A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. | |||||
| CVE-2023-20685 | 2 Google, Mediatek | 11 Android, Mt6789, Mt6855 and 8 more | 2024-02-28 | N/A | 6.4 MEDIUM |
| In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608575; Issue ID: ALPS07608575. | |||||
| CVE-2023-1582 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 4.7 MEDIUM |
| A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. | |||||
| CVE-2023-35823 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. | |||||
| CVE-2023-20771 | 2 Google, Mediatek | 11 Android, Mt6580, Mt6739 and 8 more | 2024-02-28 | N/A | 6.4 MEDIUM |
| In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046. | |||||
| CVE-2023-21101 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.0 HIGH |
| In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258189255 | |||||
| CVE-2023-35826 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2024-02-28 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. | |||||
| CVE-2023-28126 | 1 Ivanti | 1 Avalanche | 2024-02-28 | N/A | 5.9 MEDIUM |
| An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message. | |||||
| CVE-2023-20736 | 3 Google, Linuxfoundation, Mediatek | 23 Android, Iot-yocto, Yocto and 20 more | 2024-02-28 | N/A | 6.4 MEDIUM |
| In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645189. | |||||
| CVE-2022-48451 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-02-28 | N/A | 4.1 MEDIUM |
| In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed. | |||||
| CVE-2023-30543 | 1 Uniswap | 4 Web3-react Coinbase-wallet, Web3-react Eip1193, Web3-react Metamask and 1 more | 2024-02-28 | N/A | 5.7 MEDIUM |
| @web3-react is a framework for building Ethereum Apps . In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade. | |||||
| CVE-2023-21095 | 1 Google | 1 Android | 2024-02-28 | N/A | 4.7 MEDIUM |
| In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-242704576 | |||||
| CVE-2023-28142 | 1 Qualys | 1 Cloud Agent | 2024-02-28 | N/A | 7.0 HIGH |
| A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on that asset to run arbitrary commands. At the time of this disclosure, versions before 4.0 are classified as End of Life. | |||||
| CVE-2023-35824 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. | |||||