| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Time-of-check Time-of-use (TOCTOU) in the
BIOS2PSP command may allow an attacker with a malicious BIOS to create a race
condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon
an S3 resume event potentially leading to a denial of service.
|
| A TOCTOU in ASP bootloader may allow an attacker
to tamper with the SPI ROM following data read to memory potentially resulting
in S3 data corruption and information disclosure.
|
| In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. |
| Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.
|
|
A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability.
|
| Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours. |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows Clip Service Elevation of Privilege Vulnerability |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2. |
| The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. |
| A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. |
| Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. |
| Race condition vulnerability in the DDR module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Concurrent variable access vulnerability in the ability module
Impact: Successful exploitation of this vulnerability may affect availability. |
