Total
1998 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45286 | 2 Redhat, Resty Project | 3 Migration Toolkit Applications, Openshift Distributed Tracing, Resty | 2024-11-21 | 5.9 Medium |
| A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body. | ||||
| CVE-2023-41915 | 4 Debian, Fedoraproject, Openpmix and 1 more | 4 Debian Linux, Fedora, Openpmix and 1 more | 2024-11-21 | 8.1 High |
| OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. | ||||
| CVE-2023-41914 | 2 Fedoraproject, Schedmd | 2 Fedora, Slurm | 2024-11-21 | 7.0 High |
| SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. | ||||
| CVE-2023-41306 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 3.7 Low |
| Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable. | ||||
| CVE-2023-41090 | 1 Intel | 1 Memory And Storage Tool | 2024-11-21 | 1.8 Low |
| Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-40077 | 1 Google | 1 Android | 2024-11-21 | 8.1 High |
| In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-38616 | 1 Apple | 1 Macos | 2024-11-21 | 7.0 High |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-38538 | 1 Whatsapp | 1 Whatsapp | 2024-11-21 | 5 Medium |
| A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | ||||
| CVE-2023-38537 | 1 Whatsapp | 1 Whatsapp | 2024-11-21 | 5.6 Medium |
| A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | ||||
| CVE-2023-38409 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Rhel Aus and 5 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info). | ||||
| CVE-2023-37904 | 1 Discourse | 1 Discourse | 2024-11-21 | 2.6 Low |
| Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites. | ||||
| CVE-2023-35863 | 1 Madefornet | 1 Http Debugger | 2024-11-21 | 5.3 Medium |
| In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access. | ||||
| CVE-2023-35829 | 2 Linux, Netapp | 5 Linux Kernel, H300s, H410s and 2 more | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. | ||||
| CVE-2023-35828 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2024-11-21 | 7 High |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. | ||||
| CVE-2023-35827 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. | ||||
| CVE-2023-35826 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. | ||||
| CVE-2023-35645 | 1 Google | 1 Android | 2024-11-21 | 6.4 Medium |
| In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-34438 | 1 Intel | 142 Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware, Nuc Board Nuc7i3bnb and 139 more | 2024-11-21 | 7.5 High |
| Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-34349 | 1 Intel | 348 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 345 more | 2024-11-21 | 4.6 Medium |
| Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-31083 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 4.7 Medium |
| An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur. | ||||