| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. |
| A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. |
| Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. |
| Race condition vulnerability in the DDR module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Concurrent variable access vulnerability in the ability module
Impact: Successful exploitation of this vulnerability may affect availability. |
| Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. |
| Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Zero vulnerability in the packet parser. A remote attacker could leverage this vulnerability to cause a denial-of-service. Exploitation of this issue does not require user interaction. |
| Race condition vulnerability in the Bastet module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Race condition vulnerability in the distributed notification module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memory access resulting in denial of service. This issue is patched in pull request 19679. There are no known workarounds. |
| Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. |
| An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.
This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.
|
| The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to one vote per person. |
| In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645189. |
| In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928. |
| Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. |
| Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. |
| Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. |
| Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. |
| Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. |
