Total
333 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39894 | 2024-07-28 | N/A | 7.5 HIGH | ||
| OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. | |||||
| CVE-2024-5558 | 1 Schneider-electric | 4 Spacelogic As-b, Spacelogic As-b Firmware, Spacelogic As-p and 1 more | 2024-07-25 | N/A | 6.4 MEDIUM |
| CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account. | |||||
| CVE-2024-30471 | 1 Apache | 1 Streampipes | 2024-07-25 | N/A | 3.7 LOW |
| Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. | |||||
| CVE-2024-39826 | 2024-07-16 | N/A | 6.8 MEDIUM | ||
| Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access. | |||||
| CVE-2024-27238 | 2024-07-16 | N/A | 7.1 HIGH | ||
| Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access. | |||||
| CVE-2024-39821 | 2024-07-16 | N/A | 6.6 MEDIUM | ||
| Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access. | |||||
| CVE-2024-39936 | 1 Qt | 1 Qt | 2024-07-08 | N/A | 5.9 MEDIUM |
| An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. | |||||
| CVE-2024-36304 | 2024-07-03 | N/A | 7.8 HIGH | ||
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-29149 | 2024-07-03 | N/A | 7.4 HIGH | ||
| An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process. | |||||
| CVE-2024-24995 | 2024-07-03 | N/A | 8.8 HIGH | ||
| A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-24993 | 2024-07-03 | N/A | 8.8 HIGH | ||
| A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2022-48618 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-07-03 | N/A | 7.0 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1. | |||||
| CVE-2024-0171 | 2024-06-25 | N/A | 5.3 MEDIUM | ||
| Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources. | |||||
| CVE-2024-30084 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-06-21 | N/A | 7.0 HIGH |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-30088 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-06-21 | N/A | 7.0 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-30099 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-06-20 | N/A | 7.0 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-35265 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-06-20 | N/A | 7.0 HIGH |
| Windows Perception Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-20521 | 1 Amd | 186 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 183 more | 2024-06-18 | N/A | 5.7 MEDIUM |
| TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. | |||||
| CVE-2024-21433 | 2024-06-11 | N/A | 7.0 HIGH | ||
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2023-24861 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 7.0 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||