Total
1998 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-53102 | 2024-12-12 | 4.7 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-27876 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-12-12 | 8.1 High |
| A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. | ||||
| CVE-2023-42974 | 1 Apple | 4 Ipad Os, Ipados, Iphone Os and 1 more | 2024-12-12 | 7.0 High |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2024-47974 | 2024-12-11 | 4.4 Medium | ||
| Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service. | ||||
| CVE-2024-47968 | 2024-12-11 | 4.4 Medium | ||
| Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service. | ||||
| CVE-2024-32993 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | 5.6 Medium |
| Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-42959 | 1 Apple | 1 Macos | 2024-12-09 | 7.0 High |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2024-32997 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | 8.4 High |
| Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-52720 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | 4.1 Medium |
| Race condition vulnerability in the soundtrigger module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-32413 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | 7.0 High |
| A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges. | ||||
| CVE-2023-20771 | 2 Google, Mediatek | 11 Android, Mt6580, Mt6739 and 8 more | 2024-12-04 | 6.4 Medium |
| In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046. | ||||
| CVE-2023-21178 | 1 Google | 1 Android | 2024-12-04 | 4.1 Medium |
| In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-140762419 | ||||
| CVE-2024-50228 | 1 Redhat | 1 Enterprise Linux | 2024-11-28 | 7.0 High |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-49706 | 1 Linotp | 2 Linotp, Virtual Appliance | 2024-11-26 | 6.8 Medium |
| Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal. | ||||
| CVE-2018-0480 | 1 Cisco | 1 Ios Xe | 2024-11-26 | N/A |
| A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition. | ||||
| CVE-2023-2010 | 1 Incsub | 1 Forminator | 2024-11-22 | 3.1 Low |
| The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll. | ||||
| CVE-2024-47534 | 1 Theupdateframework | 1 Go-tuf | 2024-11-21 | 5.3 Medium |
| go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C" but it may incorrectly trace the delegations "B"->"C"->"A". This vulnerability is fixed in 2.0.1. | ||||
| CVE-2024-7589 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 8.1 High |
| A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root. | ||||
| CVE-2024-3979 | 2024-11-21 | 4.4 Medium | ||
| A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261596. | ||||
| CVE-2024-33904 | 2024-11-21 | 7.0 High | ||
| In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file. | ||||