Total
1513 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42803 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-28 | N/A | 7.0 HIGH |
A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-30214 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2024-02-28 | 6.0 MEDIUM | 6.6 MEDIUM |
Windows DNS Server Remote Code Execution Vulnerability | |||||
CVE-2022-24504 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-02-28 | N/A | 8.1 HIGH |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
CVE-2022-38047 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-02-28 | N/A | 8.1 HIGH |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
CVE-2022-24950 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2024-02-28 | N/A | 7.5 HIGH |
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId(). | |||||
CVE-2022-2609 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2024-02-28 | N/A | 8.8 HIGH |
Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
CVE-2022-32613 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2024-02-28 | N/A | 6.4 MEDIUM |
In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. | |||||
CVE-2021-0696 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.0 HIGH |
In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242344778 | |||||
CVE-2022-3566 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 7.1 HIGH |
A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. | |||||
CVE-2020-36557 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 5.1 MEDIUM |
A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. | |||||
CVE-2022-30198 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-02-28 | N/A | 8.1 HIGH |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
CVE-2022-41118 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-02-28 | N/A | 7.5 HIGH |
Windows Scripting Languages Remote Code Execution Vulnerability | |||||
CVE-2022-34892 | 1 Parallels | 1 Parallels Desktop | 2024-02-28 | N/A | 7.8 HIGH |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update machanism. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16396. | |||||
CVE-2022-2608 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2024-02-28 | N/A | 8.8 HIGH |
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
CVE-2022-21789 | 2 Google, Mediatek | 21 Android, Mt6779, Mt6781 and 18 more | 2024-02-28 | N/A | 6.4 MEDIUM |
In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101. | |||||
CVE-2022-20082 | 2 Google, Mediatek | 19 Android, Mt6768, Mt6769 and 16 more | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
In GPU, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044730; Issue ID: ALPS07044730. | |||||
CVE-2022-3635 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | N/A | 7.0 HIGH |
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. | |||||
CVE-2022-20154 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 6.4 MEDIUM |
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel | |||||
CVE-2022-26765 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | |||||
CVE-2022-22008 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
Windows Hyper-V Remote Code Execution Vulnerability |