Total
395 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-24995 | 2024-08-01 | N/A | ||
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
CVE-2024-24993 | 2024-08-01 | N/A | ||
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
CVE-2024-24855 | 1 Linux | 1 Linux Kernel | 2024-08-01 | 5 Medium |
A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | ||||
CVE-2024-24692 | 1 Zoom | 1 Rooms | 2024-08-01 | 5.3 Medium |
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. | ||||
CVE-2024-23196 | 1 Linux | 1 Linux Kernel | 2024-08-01 | 5.3 Medium |
A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | ||||
CVE-2024-21792 | 2024-08-01 | 4.7 Medium | ||
Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2024-21371 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-08-01 | 7 High |
Windows Kernel Elevation of Privilege Vulnerability | ||||
CVE-2024-21362 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2024-08-01 | 5.5 Medium |
Windows Kernel Security Feature Bypass Vulnerability | ||||
CVE-2024-5558 | 1 Schneider-electric | 4 Spacelogic As-b, Spacelogic As-b Firmware, Spacelogic As-p and 1 more | 2024-08-01 | 6.4 Medium |
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account. | ||||
CVE-2024-3290 | 2024-08-01 | 8.2 High | ||
A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host | ||||
CVE-2024-3292 | 2024-08-01 | 8.2 High | ||
A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. - CVE-2024-3292 | ||||
CVE-2024-2913 | 2024-08-01 | N/A | ||
A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend. | ||||
CVE-2024-2440 | 2024-08-01 | 5.5 Medium | ||
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.9.13, 3.10.10, 3.11.8 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
CVE-2024-1729 | 2024-08-01 | N/A | ||
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user credentials, which can be exploited to guess passwords based on response times. Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and gain unauthorized access. | ||||
CVE-2023-32001 | 2023-11-07 | 5.5 Medium | ||
We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for. |