Total
1508 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-20801 | 3 Google, Linuxfoundation, Mediatek | 9 Android, Yocto, Mt6879 and 6 more | 2023-08-09 | N/A | 6.4 MEDIUM |
In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968. | |||||
CVE-2022-42951 | 1 Couchbase | 1 Couchbase Server | 2023-08-08 | N/A | 8.1 HIGH |
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials. | |||||
CVE-2022-32613 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2023-08-08 | N/A | 6.4 MEDIUM |
In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. | |||||
CVE-2021-31797 | 1 Cyberark | 1 Credential Provider | 2023-08-08 | 1.9 LOW | 5.1 MEDIUM |
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. | |||||
CVE-2021-24000 | 1 Mozilla | 1 Firefox | 2023-08-08 | 2.6 LOW | 3.1 LOW |
A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88. | |||||
CVE-2022-32612 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2023-08-08 | N/A | 6.4 MEDIUM |
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500. | |||||
CVE-2022-22057 | 1 Qualcomm | 160 Apq8053, Apq8053 Firmware, Ar8035 and 157 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
CVE-2022-24986 | 1 Kde | 1 Kcron | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. | |||||
CVE-2022-2742 | 1 Google | 3 Chrome, Chrome Os, Linux And Chrome Os | 2023-08-08 | N/A | 8.8 HIGH |
Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High) | |||||
CVE-2022-32844 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2023-08-08 | N/A | 6.3 MEDIUM |
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication. | |||||
CVE-2022-29527 | 1 Amazon | 1 Amazon Ssm Agent | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition. | |||||
CVE-2022-22737 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-08-08 | N/A | 7.5 HIGH |
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||
CVE-2022-40307 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-08-08 | N/A | 4.7 MEDIUM |
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. | |||||
CVE-2022-20256 | 1 Google | 1 Android | 2023-08-08 | N/A | 6.4 MEDIUM |
In the Audio HAL, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222572821 | |||||
CVE-2022-3307 | 1 Google | 1 Chrome | 2023-08-08 | N/A | 8.8 HIGH |
Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-26450 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2023-08-08 | N/A | 6.4 MEDIUM |
In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177801; Issue ID: ALPS07177801. | |||||
CVE-2021-39712 | 1 Google | 1 Android | 2023-08-08 | 4.4 MEDIUM | 6.4 MEDIUM |
In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/A | |||||
CVE-2022-32645 | 2 Google, Mediatek | 19 Android, Mt6789, Mt6833 and 16 more | 2023-08-08 | N/A | 4.1 MEDIUM |
In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494477; Issue ID: ALPS07494477. | |||||
CVE-2022-1729 | 2 Linux, Netapp | 2 Linux Kernel, Hci Baseboard Management Controller | 2023-08-04 | N/A | 7.0 HIGH |
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. | |||||
CVE-2023-37904 | 1 Discourse | 1 Discourse | 2023-08-03 | N/A | 3.1 LOW |
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites. |