Total
396 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-35378 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2024-08-02 | 7 High |
Windows Projected File System Elevation of Privilege Vulnerability | ||||
CVE-2023-34046 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2024-08-02 | 6.7 Medium |
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | ||||
CVE-2023-33832 | 2 Ibm, Linux | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2024-08-02 | 6.2 Medium |
IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality. IBM X-Force ID: 256012. | ||||
CVE-2023-33154 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 7.8 High |
Windows Partition Management Driver Elevation of Privilege Vulnerability | ||||
CVE-2023-33156 | 1 Microsoft | 1 Malware Protection Engine | 2024-08-02 | 6.3 Medium |
Microsoft Defender Elevation of Privilege Vulnerability | ||||
CVE-2023-33119 | 1 Qualcomm | 69 Aqt1000 Firmware, Ar8035 Firmware, Fastconnect 6200 Firmware and 66 more | 2024-08-02 | 8.4 High |
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. | ||||
CVE-2023-33046 | 1 Qualcomm | 98 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 95 more | 2024-08-02 | 7.8 High |
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation. | ||||
CVE-2023-32554 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 7.0 High |
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. | ||||
CVE-2023-32555 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 7.0 High |
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. | ||||
CVE-2023-32282 | 2024-08-02 | 7.2 High | ||
Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-29337 | 2 Microsoft, Redhat | 4 Nuget, Enterprise Linux, Rhel Dotnet and 1 more | 2024-08-02 | 7.1 High |
NuGet Client Remote Code Execution Vulnerability | ||||
CVE-2023-28576 | 1 Qualcomm | 62 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 59 more | 2024-08-02 | 6.4 Medium |
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues. | ||||
CVE-2023-28075 | 1 Dell | 484 Alienware M15 R7, Alienware M15 R7 Firmware, Alienware M16 and 481 more | 2024-08-02 | 6.9 Medium |
Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system. | ||||
CVE-2023-27470 | 2 Microsoft, N-able | 2 Windows, Take Control | 2024-08-02 | 7.0 High |
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion. | ||||
CVE-2023-27327 | 2024-08-02 | N/A | ||
Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-18964. | ||||
CVE-2023-26438 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-08-02 | 4.3 Medium |
External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known. | ||||
CVE-2023-26299 | 1 Hp | 118 200 G3, 200 G3 Firmware, 200 G4 22 All-in-one and 115 more | 2024-08-02 | 7.0 High |
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability. | ||||
CVE-2023-25394 | 1 Getvideostream | 1 Videostream | 2024-08-02 | 7.0 High |
Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours. | ||||
CVE-2023-24861 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-08-02 | 7 High |
Windows Graphics Component Elevation of Privilege Vulnerability | ||||
CVE-2023-23520 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-08-02 | 5.9 Medium |
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root. |