Total
1553 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-41090 | 1 Intel | 1 Memory And Storage Tool | 2024-11-21 | N/A | 1.8 LOW |
Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-40077 | 1 Google | 1 Android | 2024-11-21 | N/A | 8.1 HIGH |
In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-3397 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.0 HIGH |
A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information. | |||||
CVE-2023-3301 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-11-21 | N/A | 5.6 MEDIUM |
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. | |||||
CVE-2023-3108 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 6.2 MEDIUM |
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system. | |||||
CVE-2023-38616 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 7.0 HIGH |
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2023-38538 | 1 Whatsapp | 1 Whatsapp | 2024-11-21 | N/A | 5.0 MEDIUM |
A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | |||||
CVE-2023-38537 | 1 Whatsapp | 1 Whatsapp | 2024-11-21 | N/A | 5.6 MEDIUM |
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | |||||
CVE-2023-38409 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info). | |||||
CVE-2023-38166 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.1 HIGH |
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | |||||
CVE-2023-38159 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more | 2024-11-21 | N/A | 7.0 HIGH |
Windows Graphics Component Elevation of Privilege Vulnerability | |||||
CVE-2023-37904 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 2.6 LOW |
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites. | |||||
CVE-2023-37244 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0 | |||||
CVE-2023-36902 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-11-21 | N/A | 7.0 HIGH |
Windows Runtime Remote Code Execution Vulnerability | |||||
CVE-2023-36884 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
Windows Search Remote Code Execution Vulnerability | |||||
CVE-2023-36776 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.0 HIGH |
Win32k Elevation of Privilege Vulnerability | |||||
CVE-2023-36698 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 4.4 MEDIUM |
Windows Kernel Security Feature Bypass Vulnerability | |||||
CVE-2023-36405 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2024-11-21 | N/A | 7.0 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2023-35863 | 1 Madefornet | 1 Http Debugger | 2024-11-21 | N/A | 5.3 MEDIUM |
In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access. | |||||
CVE-2023-35829 | 2 Linux, Netapp | 5 Linux Kernel, H300s, H410s and 2 more | 2024-11-21 | N/A | 7.0 HIGH |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. |