Total
1904 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. | ||||
| CVE-2022-29582 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 7.0 High |
| In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. | ||||
| CVE-2022-29527 | 1 Amazon | 1 Amazon Ssm Agent | 2024-11-21 | 7.0 High |
| Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition. | ||||
| CVE-2022-28796 | 4 Fedoraproject, Linux, Netapp and 1 more | 24 Fedora, Linux Kernel, Active Iq Unified Manager and 21 more | 2024-11-21 | 7.0 High |
| jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. | ||||
| CVE-2022-28768 | 1 Zoom | 1 Meetings | 2024-11-21 | 8.8 High |
| The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root. | ||||
| CVE-2022-27481 | 1 Siemens | 8 Scalance W1788-1 M12, Scalance W1788-1 M12 Firmware, Scalance W1788-2 Eec M12 and 5 more | 2024-11-21 | 5.3 Medium |
| A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle resources of ARP requests. This could allow an attacker to cause a race condition that leads to a crash of the entire device. | ||||
| CVE-2022-26765 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | 4.7 Medium |
| A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | ||||
| CVE-2022-26701 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | 7.5 High |
| A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-26690 | 1 Apple | 1 Macos | 2024-11-21 | 4.7 Medium |
| Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system. | ||||
| CVE-2022-26450 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2024-11-21 | 6.4 Medium |
| In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177801; Issue ID: ALPS07177801. | ||||
| CVE-2022-26428 | 2 Google, Mediatek | 12 Android, Mt6739, Mt6761 and 9 more | 2024-11-21 | 6.4 Medium |
| In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260. | ||||
| CVE-2022-26362 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 6.4 Medium |
| x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. | ||||
| CVE-2022-26357 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 7.0 High |
| race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed. | ||||
| CVE-2022-25822 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. | ||||
| CVE-2022-25090 | 1 Kofax | 1 Printix | 2024-11-21 | 8.1 High |
| Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. | ||||
| CVE-2022-24986 | 1 Kde | 1 Kcron | 2024-11-21 | 7.8 High |
| KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. | ||||
| CVE-2022-24951 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2024-11-21 | 7.0 High |
| A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future. | ||||
| CVE-2022-24950 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2024-11-21 | 7.5 High |
| A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId(). | ||||
| CVE-2022-24949 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2024-11-21 | 7.5 High |
| A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen(). | ||||
| CVE-2022-24800 | 1 Octobercms | 1 October | 2024-11-21 | 8.1 High |
| October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user can perform remote code execution (RCE) by exploiting a race condition in the temporary storage directory. This vulnerability affects plugins that expose the `October\Rain\Database\Attach\File::fromData` as a public interface and does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally. The issue has been patched in Build 476 (v1.0.476), v1.1.12, and v2.2.15. Those who are unable to upgrade may apply with patch to their installation manually as a workaround. | ||||