Total
1264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24949 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2022-08-17 | N/A | 7.5 HIGH |
| A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen(). | |||||
| CVE-2022-20371 | 1 Google | 1 Android | 2022-08-12 | N/A | 6.4 MEDIUM |
| In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195565510References: Upstream kernel | |||||
| CVE-2022-20373 | 1 Google | 1 Android | 2022-08-12 | N/A | 6.4 MEDIUM |
| In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208269510References: N/A | |||||
| CVE-2022-34702 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-08-12 | N/A | 8.1 HIGH |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766, CVE-2022-35767, CVE-2022-35794. | |||||
| CVE-2022-34696 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2022-08-12 | N/A | 7.8 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability. | |||||
| CVE-2019-12263 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2022-08-12 | 6.8 MEDIUM | 8.1 HIGH |
| Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. | |||||
| CVE-2014-9748 | 3 Libuv, Microsoft, Nodejs | 4 Libuv, Windows Server 2003, Windows Xp and 1 more | 2022-08-12 | 6.8 MEDIUM | 8.1 HIGH |
| The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition. | |||||
| CVE-2022-20344 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.0 HIGH |
| In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-232541124 | |||||
| CVE-2022-37035 | 1 Frrouting | 1 Frrouting | 2022-08-10 | N/A | 8.1 HIGH |
| An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. | |||||
| CVE-2010-1775 | 1 Apple | 2 Iphone Os, Ipod Touch | 2022-08-09 | 1.9 LOW | N/A |
| Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. | |||||
| CVE-2008-4229 | 1 Apple | 2 Iphone Os, Ipod Touch | 2022-08-09 | 3.7 LOW | N/A |
| Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. | |||||
| CVE-2007-2400 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2022-08-09 | 4.3 MEDIUM | N/A |
| Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. | |||||
| CVE-2021-39212 | 1 Imagemagick | 1 Imagemagick | 2022-08-05 | 3.6 LOW | 3.6 LOW |
| ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />. | |||||
| CVE-2022-26428 | 2 Google, Mediatek | 12 Android, Mt6739, Mt6761 and 9 more | 2022-08-04 | N/A | 6.4 MEDIUM |
| In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260. | |||||
| CVE-2022-21789 | 2 Google, Mediatek | 21 Android, Mt6779, Mt6781 and 18 more | 2022-08-04 | N/A | 6.4 MEDIUM |
| In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101. | |||||
| CVE-2021-26569 | 1 Synology | 1 Diskstation Manager | 2022-08-02 | 6.8 MEDIUM | 8.1 HIGH |
| Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | |||||
| CVE-2019-5840 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Iphone Os, Debian Linux, Fedora and 3 more | 2022-07-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2022-34892 | 1 Parallels | 1 Parallels Desktop | 2022-07-28 | N/A | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update machanism. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16396. | |||||
| CVE-2020-36557 | 1 Linux | 1 Linux Kernel | 2022-07-27 | N/A | 5.1 MEDIUM |
| A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. | |||||
| CVE-2020-36558 | 1 Linux | 1 Linux Kernel | 2022-07-27 | N/A | 5.1 MEDIUM |
| A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. | |||||