Vulnerabilities (CVE)

Filtered by CWE-362
Total 1553 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-41090 1 Intel 1 Memory And Storage Tool 2024-11-21 N/A 1.8 LOW
Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-40077 1 Google 1 Android 2024-11-21 N/A 8.1 HIGH
In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-3397 1 Linux 1 Linux Kernel 2024-11-21 N/A 7.0 HIGH
A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.
CVE-2023-3301 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2024-11-21 N/A 5.6 MEDIUM
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.
CVE-2023-3108 1 Linux 1 Linux Kernel 2024-11-21 N/A 6.2 MEDIUM
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system.
CVE-2023-38616 1 Apple 1 Macos 2024-11-21 N/A 7.0 HIGH
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-38538 1 Whatsapp 1 Whatsapp 2024-11-21 N/A 5.0 MEDIUM
A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
CVE-2023-38537 1 Whatsapp 1 Whatsapp 2024-11-21 N/A 5.6 MEDIUM
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
CVE-2023-38409 1 Linux 1 Linux Kernel 2024-11-21 N/A 5.5 MEDIUM
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).
CVE-2023-38166 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2024-11-21 N/A 8.1 HIGH
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-38159 1 Microsoft 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more 2024-11-21 N/A 7.0 HIGH
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-37904 1 Discourse 1 Discourse 2024-11-21 N/A 2.6 LOW
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.
CVE-2023-37244 2024-11-21 N/A 5.3 MEDIUM
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0
CVE-2023-36902 1 Microsoft 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more 2024-11-21 N/A 7.0 HIGH
Windows Runtime Remote Code Execution Vulnerability
CVE-2023-36884 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2024-11-21 N/A 7.5 HIGH
Windows Search Remote Code Execution Vulnerability
CVE-2023-36776 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2024-11-21 N/A 7.0 HIGH
Win32k Elevation of Privilege Vulnerability
CVE-2023-36698 1 Microsoft 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more 2024-11-21 N/A 4.4 MEDIUM
Windows Kernel Security Feature Bypass Vulnerability
CVE-2023-36405 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2024-11-21 N/A 7.0 HIGH
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35863 1 Madefornet 1 Http Debugger 2024-11-21 N/A 5.3 MEDIUM
In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.
CVE-2023-35829 2 Linux, Netapp 5 Linux Kernel, H300s, H410s and 2 more 2024-11-21 N/A 7.0 HIGH
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.