Total
1513 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-26701 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-02-28 | 7.6 HIGH | 7.5 HIGH |
A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-24537 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
Windows Hyper-V Remote Code Execution Vulnerability | |||||
CVE-2022-26820 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-02-28 | 8.5 HIGH | 6.6 MEDIUM |
Windows DNS Server Remote Code Execution Vulnerability | |||||
CVE-2022-33915 | 1 Amazon | 1 Hotpatch | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046; it provides a temporary mitigation to CVE-2021-44228 by hotpatching the local Java virtual machines. To do so, it iterates through all running Java processes, performs several checks, and executes the Java virtual machine with the same permissions and capabilities as the running process to load the hotpatch. A local user could cause the hotpatch script to execute a binary with elevated privileges by running a custom java process that performs exec() of an SUID binary after the hotpatch has observed the process path and before it has observed its effective user ID. | |||||
CVE-2018-25030 | 1 Mirmay | 2 File Manager, Secure Private Browser | 2024-02-28 | 1.9 LOW | 2.5 LOW |
A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used. | |||||
CVE-2021-3640 | 5 Canonical, Debian, Fedoraproject and 2 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. | |||||
CVE-2022-20148 | 1 Google | 1 Android | 2024-02-28 | 6.9 MEDIUM | 6.4 MEDIUM |
In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219513976References: Upstream kernel | |||||
CVE-2021-33078 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2024-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2022-26822 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-02-28 | 8.5 HIGH | 6.6 MEDIUM |
Windows DNS Server Remote Code Execution Vulnerability | |||||
CVE-2022-30028 | 1 Dradisframework | 1 Dradis | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. | |||||
CVE-2022-20032 | 2 Google, Mediatek | 17 Android, Mt6781, Mt6785 and 14 more | 2024-02-28 | 1.9 LOW | 4.1 MEDIUM |
In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852822; Issue ID: ALPS05852822. | |||||
CVE-2022-30127 | 1 Microsoft | 1 Edge Chromium | 2024-02-28 | 5.1 MEDIUM | 8.3 HIGH |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
CVE-2021-39735 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 6.4 MEDIUM |
In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151455484References: N/A | |||||
CVE-2021-4203 | 3 Linux, Netapp, Oracle | 23 Linux Kernel, A700s, A700s Firmware and 20 more | 2024-02-28 | 4.9 MEDIUM | 6.8 MEDIUM |
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. | |||||
CVE-2022-20118 | 1 Google | 1 Android | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205707793References: N/A | |||||
CVE-2022-24525 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
Windows Update Stack Elevation of Privilege Vulnerability | |||||
CVE-2022-29116 | 1 Microsoft | 1 Windows 11 | 2024-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
Windows Kernel Information Disclosure Vulnerability | |||||
CVE-2022-20141 | 1 Google | 1 Android | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel | |||||
CVE-2022-20006 | 1 Google | 1 Android | 2024-02-28 | 6.2 MEDIUM | 7.0 HIGH |
In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. This could lead to local escalation of privilege if a Guest user is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-151095871 | |||||
CVE-2022-20091 | 2 Google, Mediatek | 46 Android, Mt6580, Mt6731 and 43 more | 2024-02-28 | 4.4 MEDIUM | 6.4 MEDIUM |
In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06226345. |