Total
1513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35863 | 1 Madefornet | 1 Http Debugger | 2024-02-28 | N/A | 5.3 MEDIUM |
| In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access. | |||||
| CVE-2023-20686 | 2 Google, Mediatek | 5 Android, Mt6879, Mt6895 and 2 more | 2024-02-28 | N/A | 6.4 MEDIUM |
| In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570826; Issue ID: ALPS07570826. | |||||
| CVE-2023-33974 | 1 Riot-os | 1 Riot | 2024-02-28 | N/A | 5.9 MEDIUM |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memory access resulting in denial of service. This issue is patched in pull request 19679. There are no known workarounds. | |||||
| CVE-2023-2898 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2024-02-28 | N/A | 4.7 MEDIUM |
| There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. | |||||
| CVE-2023-22499 | 1 Deno | 1 Deno | 2024-02-28 | N/A | 7.5 HIGH |
| Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message. This situation impacts users who use Web Worker API and relied on interactive permission prompt. The reproduction is very timing sensitive and can’t be reliably reproduced on every try. This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). The problem has been fixed in Deno v1.29.3; it is recommended all users update to this version. Users are advised to upgrade. Users unable to upgrade may run with --no-prompt flag to disable interactive permission prompts. | |||||
| CVE-2022-28768 | 1 Zoom | 1 Meetings | 2024-02-28 | N/A | 7.8 HIGH |
| The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root. | |||||
| CVE-2021-20251 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-02-28 | N/A | 5.9 MEDIUM |
| A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. | |||||
| CVE-2022-42770 | 2 Google, Unisoc | 14 Android, S8019, Sc7731e and 11 more | 2024-02-28 | N/A | 4.7 MEDIUM |
| In wlan driver, there is a race condition, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-20567 | 1 Google | 1 Android | 2024-02-28 | N/A | 6.4 MEDIUM |
| In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186777253References: Upstream kernel | |||||
| CVE-2021-39660 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.0 HIGH |
| In TBD of TBD, there is a possible way to archive arbitrary code execution in kernel due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-254742984 | |||||
| CVE-2022-46713 | 1 Apple | 1 Macos | 2024-02-28 | N/A | 4.7 MEDIUM |
| A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system. | |||||
| CVE-2022-40130 | 1 Wp-polls Project | 1 Wp-polls | 2024-02-28 | N/A | 3.1 LOW |
| Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress. | |||||
| CVE-2022-42951 | 1 Couchbase | 1 Couchbase Server | 2024-02-28 | N/A | 8.1 HIGH |
| An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials. | |||||
| CVE-2022-44676 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-02-28 | N/A | 8.1 HIGH |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
| CVE-2023-28144 | 1 Kdab | 1 Hotspot | 2024-02-28 | N/A | 7.0 HIGH |
| KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls. | |||||
| CVE-2022-46174 | 1 Amazon | 2 Efs-utils, Elastic File System Container Storage Interface Driver | 2024-02-28 | N/A | 4.2 MEDIUM |
| efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent mount operations can allocate the same local port, leading to either failed mount operations or an inappropriate mapping from an EFS customer’s local mount points to that customer’s EFS file systems. This issue is patched in version v1.34.4. There is no recommended work around. We recommend affected users update the installed version of efs-utils to v1.34.4 or later. | |||||
| CVE-2022-48366 | 1 Ibexa | 7 Commerce, Digital Experience Platform, Ez Platform and 4 more | 2024-02-28 | N/A | 3.7 LOW |
| An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack. | |||||
| CVE-2023-24042 | 1 Lightftp Project | 1 Lightftp | 2024-02-28 | N/A | 7.5 HIGH |
| A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName. | |||||
| CVE-2022-42930 | 1 Mozilla | 1 Firefox | 2024-02-28 | N/A | 7.1 HIGH |
| If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106. | |||||
| CVE-2020-19824 | 1 Mpv | 1 Mpv | 2024-02-28 | N/A | 7.0 HIGH |
| An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter. | |||||