Total
1660 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43467 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2024-09-19 | 7.5 High |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
| CVE-2024-7885 | 1 Redhat | 19 Apache Camel Spring Boot, Build Keycloak, Build Of Apache Camel - Hawtio and 16 more | 2024-09-19 | 7.5 High |
| A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. | ||||
| CVE-2023-38538 | 1 Whatsapp | 1 Whatsapp | 2024-09-19 | 5 Medium |
| A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | ||||
| CVE-2023-38537 | 1 Whatsapp | 1 Whatsapp | 2024-09-19 | 5.6 Medium |
| A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | ||||
| CVE-2023-27359 | 1 Tp-link | 1 Ax1800 | 2024-09-18 | N/A |
| TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hotplugd daemon. The issue results from firewall rule handling that allows an attacker access to resources that should be available to the LAN interface only. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the root user. . Was ZDI-CAN-19664. | ||||
| CVE-2023-35645 | 1 Google | 1 Android | 2024-09-18 | 6.4 Medium |
| In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-6162 | 1 Redhat | 11 Apache Camel Spring Boot, Build Keycloak, Camel Spring Boot and 8 more | 2024-09-18 | 7.5 High |
| A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up. | ||||
| CVE-2024-38137 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2024-09-17 | 7 High |
| Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | ||||
| CVE-2024-38136 | 1 Microsoft | 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more | 2024-09-17 | 7 High |
| Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | ||||
| CVE-2024-38191 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-09-17 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-27876 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-17 | 8.1 High |
| A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. | ||||
| CVE-2024-0397 | 1 Python Software Foundation | 1 Cpython | 2024-09-17 | 7.4 High |
| A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5. | ||||
| CVE-2015-9016 | 1 Google | 1 Android | 2024-09-17 | N/A |
| In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046. | ||||
| CVE-2017-0794 | 1 Google | 1 Android | 2024-09-17 | N/A |
| A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812. | ||||
| CVE-2009-3527 | 1 Freebsd | 1 Freebsd | 2024-09-17 | N/A |
| Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption. | ||||
| CVE-2002-2374 | 1 Sun | 1 Patchpro | 2024-09-17 | N/A |
| Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." | ||||
| CVE-2017-8257 | 1 Google | 1 Android | 2024-09-17 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. | ||||
| CVE-2010-5183 | 2 Microsoft, Webroot | 2 Windows Xp, Internet Security Essentials | 2024-09-17 | N/A |
| Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | ||||
| CVE-2019-7718 | 1 Metinfo | 1 Metinfo | 2024-09-17 | N/A |
| An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily. | ||||
| CVE-2017-6167 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2024-09-17 | N/A |
| In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected. | ||||