Search Results (4064 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-43741 1 Buildkite 1 Elastic Ci Stack 2024-11-21 7.0 High
A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.
CVE-2023-42483 1 Samsung 14 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 11 more 2024-11-21 6.3 Medium
A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a system.
CVE-2023-42467 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2024-11-21 5.5 Medium
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
CVE-2023-41915 4 Debian, Fedoraproject, Openpmix and 1 more 4 Debian Linux, Fedora, Openpmix and 1 more 2024-11-21 8.1 High
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.
CVE-2023-41914 2 Fedoraproject, Schedmd 2 Fedora, Slurm 2024-11-21 7.0 High
SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.
CVE-2023-41306 1 Huawei 2 Emui, Harmonyos 2024-11-21 3.7 Low
Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.
CVE-2023-41090 1 Intel 1 Memory And Storage Tool 2024-11-21 1.8 Low
Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-40077 1 Google 1 Android 2024-11-21 8.1 High
In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-3765 2 Lfprojects, Microsoft 2 Mlflow, Windows 2024-11-21 10.0 Critical
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
CVE-2023-38672 1 Paddlepaddle 1 Paddlepaddle 2024-11-21 4.7 Medium
FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38616 1 Apple 1 Macos 2024-11-21 7.0 High
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-38538 1 Whatsapp 1 Whatsapp 2024-11-21 5 Medium
A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
CVE-2023-38537 1 Whatsapp 1 Whatsapp 2024-11-21 5.6 Medium
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
CVE-2023-38409 2 Linux, Redhat 8 Linux Kernel, Enterprise Linux, Rhel Aus and 5 more 2024-11-21 5.5 Medium
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).
CVE-2023-37904 1 Discourse 1 Discourse 2024-11-21 2.6 Low
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.
CVE-2023-37769 1 Pixman 1 Pixman 2024-11-21 6.5 Medium
stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.
CVE-2023-37250 1 Unity 1 Parsec 2024-11-21 7.0 High
Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version.
CVE-2023-35863 1 Madefornet 1 Http Debugger 2024-11-21 5.3 Medium
In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.
CVE-2023-35829 2 Linux, Netapp 5 Linux Kernel, H300s, H410s and 2 more 2024-11-21 7.0 High
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
CVE-2023-35828 2 Linux, Netapp 6 Linux Kernel, H300s, H410c and 3 more 2024-11-21 7 High
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.