Vulnerabilities (CVE)

Filtered by CWE-362
Total 1508 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20801 3 Google, Linuxfoundation, Mediatek 9 Android, Yocto, Mt6879 and 6 more 2023-08-09 N/A 6.4 MEDIUM
In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968.
CVE-2022-42951 1 Couchbase 1 Couchbase Server 2023-08-08 N/A 8.1 HIGH
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials.
CVE-2022-32613 2 Google, Mediatek 33 Android, Mt6762, Mt6768 and 30 more 2023-08-08 N/A 6.4 MEDIUM
In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340.
CVE-2021-31797 1 Cyberark 1 Credential Provider 2023-08-08 1.9 LOW 5.1 MEDIUM
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure.
CVE-2021-24000 1 Mozilla 1 Firefox 2023-08-08 2.6 LOW 3.1 LOW
A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as &lt;input type="file"&gt;) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88.
CVE-2022-32612 2 Google, Mediatek 33 Android, Mt6762, Mt6768 and 30 more 2023-08-08 N/A 6.4 MEDIUM
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500.
CVE-2022-22057 1 Qualcomm 160 Apq8053, Apq8053 Firmware, Ar8035 and 157 more 2023-08-08 7.2 HIGH 7.8 HIGH
Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-24986 1 Kde 1 Kcron 2023-08-08 4.6 MEDIUM 7.8 HIGH
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.
CVE-2022-2742 1 Google 3 Chrome, Chrome Os, Linux And Chrome Os 2023-08-08 N/A 8.8 HIGH
Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High)
CVE-2022-32844 1 Apple 4 Ipados, Iphone Os, Tvos and 1 more 2023-08-08 N/A 6.3 MEDIUM
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication.
CVE-2022-29527 1 Amazon 1 Amazon Ssm Agent 2023-08-08 6.9 MEDIUM 7.0 HIGH
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.
CVE-2022-22737 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2023-08-08 N/A 7.5 HIGH
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-40307 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-08-08 N/A 4.7 MEDIUM
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
CVE-2022-20256 1 Google 1 Android 2023-08-08 N/A 6.4 MEDIUM
In the Audio HAL, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222572821
CVE-2022-3307 1 Google 1 Chrome 2023-08-08 N/A 8.8 HIGH
Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-26450 2 Google, Mediatek 4 Android, Mt6879, Mt6895 and 1 more 2023-08-08 N/A 6.4 MEDIUM
In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177801; Issue ID: ALPS07177801.
CVE-2021-39712 1 Google 1 Android 2023-08-08 4.4 MEDIUM 6.4 MEDIUM
In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/A
CVE-2022-32645 2 Google, Mediatek 19 Android, Mt6789, Mt6833 and 16 more 2023-08-08 N/A 4.1 MEDIUM
In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494477; Issue ID: ALPS07494477.
CVE-2022-1729 2 Linux, Netapp 2 Linux Kernel, Hci Baseboard Management Controller 2023-08-04 N/A 7.0 HIGH
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
CVE-2023-37904 1 Discourse 1 Discourse 2023-08-03 N/A 3.1 LOW
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.