Total
1661 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-34725 | 1 Microsoft | 18 Windows 10, Windows 10 1507, Windows 10 1607 and 15 more | 2024-08-03 | 7 High |
Windows ALPC Elevation of Privilege Vulnerability | ||||
CVE-2022-33915 | 1 Amazon | 1 Hotpatch | 2024-08-03 | 7 High |
Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046; it provides a temporary mitigation to CVE-2021-44228 by hotpatching the local Java virtual machines. To do so, it iterates through all running Java processes, performs several checks, and executes the Java virtual machine with the same permissions and capabilities as the running process to load the hotpatch. A local user could cause the hotpatch script to execute a binary with elevated privileges by running a custom java process that performs exec() of an SUID binary after the hotpatch has observed the process path and before it has observed its effective user ID. | ||||
CVE-2022-33636 | 1 Microsoft | 1 Edge Chromium | 2024-08-03 | 8.3 High |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
CVE-2022-33634 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2024-08-03 | 8.1 High |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | ||||
CVE-2022-32895 | 1 Apple | 1 Macos | 2024-08-03 | 4.7 Medium |
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. | ||||
CVE-2022-32844 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-08-03 | 6.3 Medium |
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication. | ||||
CVE-2022-32764 | 1 Intel | 1 Driver \& Support Assistant | 2024-08-03 | 7.5 High |
Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-32613 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2024-08-03 | 6.4 Medium |
In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. | ||||
CVE-2022-32645 | 2 Google, Mediatek | 19 Android, Mt6789, Mt6833 and 16 more | 2024-08-03 | 4.1 Medium |
In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494477; Issue ID: ALPS07494477. | ||||
CVE-2022-32612 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2024-08-03 | 6.4 Medium |
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500. | ||||
CVE-2022-32621 | 2 Google, Mediatek | 3 Android, Mt6895, Mt6983 | 2024-08-03 | 6.4 Medium |
In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Issue ID: ALPS07310829. | ||||
CVE-2022-31758 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-03 | 4.7 Medium |
The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
CVE-2022-31015 | 1 Agendaless | 1 Waitress | 2024-08-03 | 6.5 Medium |
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response. | ||||
CVE-2022-30198 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-08-03 | 8.1 High |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | ||||
CVE-2022-30128 | 1 Microsoft | 1 Edge Chromium | 2024-08-03 | 8.3 High |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
CVE-2022-30127 | 1 Microsoft | 1 Edge Chromium | 2024-08-03 | 8.3 High |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
CVE-2022-30028 | 1 Dradisframework | 1 Dradis | 2024-08-03 | 5.9 Medium |
Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. | ||||
CVE-2022-29582 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-03 | 7.0 High |
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. | ||||
CVE-2022-29527 | 1 Amazon | 1 Amazon Ssm Agent | 2024-08-03 | 7.0 High |
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition. | ||||
CVE-2022-29113 | 1 Microsoft | 11 Windows 10, Windows 10 1809, Windows 10 1909 and 8 more | 2024-08-03 | 7.8 High |
Windows Digital Media Receiver Elevation of Privilege Vulnerability |