Race Condition
Monthly
In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. Rated high severity (CVSS 7.0).
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An issue was discovered in bgpd in FRRouting (FRR) 8.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
In video codec, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In audio ipi, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows Connected Devices Platform Service Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.
Windows Group Policy Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
In MDP, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In TEEI driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In TEEI driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In TEEI driver, there is a possible type confusion due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In GED driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In GPU, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. Rated high severity (CVSS 7.0). No vendor patch available.
Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.
In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In TBD of TBD, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.0). No vendor patch available.
Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
The kernel module has the race condition vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. Rated medium severity (CVSS 6.4).
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.
A race condition was addressed with improved state handling. Rated medium severity (CVSS 4.7). No vendor patch available.
A race condition was addressed with improved locking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Description: A race condition was addressed with additional validation. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7).
Windows Digital Media Receiver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8).
In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In aee daemon, there is a possible information disclosure due to a race condition. Rated medium severity (CVSS 4.7). No vendor patch available.
In aee driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In aee driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. Rated high severity (CVSS 7.0). Public exploit code available.
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. Rated high severity (CVSS 7.0). Public exploit code available.
Windows User Profile Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows Bluetooth Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows File Server Resource Management Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows File Explorer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows Work Folder Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.
Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.
A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.
In SUB2AF, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In vow, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In vow, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Rated high severity (CVSS 7.0).
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. Rated high severity (CVSS 7.0).
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Zulip is an open source group chat application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 11.0%.
Windows Update Stack Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
An issue was discovered in the metrics-util crate before 0.7.0 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. Rated medium severity (CVSS 4.1).
In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. Rated high severity (CVSS 7.0).
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An issue was discovered in bgpd in FRRouting (FRR) 8.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
In video codec, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In audio ipi, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows Connected Devices Platform Service Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.
Windows Group Policy Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
In MDP, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In TEEI driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In TEEI driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In TEEI driver, there is a possible type confusion due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In GED driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In GPU, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. Rated high severity (CVSS 7.0). No vendor patch available.
Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.
In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In TBD of TBD, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.0). No vendor patch available.
Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
The kernel module has the race condition vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. Rated medium severity (CVSS 6.4).
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.
A race condition was addressed with improved state handling. Rated medium severity (CVSS 4.7). No vendor patch available.
A race condition was addressed with improved locking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Description: A race condition was addressed with additional validation. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7).
Windows Digital Media Receiver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8).
In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In aee daemon, there is a possible information disclosure due to a race condition. Rated medium severity (CVSS 4.7). No vendor patch available.
In aee driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In aee driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. Rated high severity (CVSS 7.0). Public exploit code available.
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. Rated high severity (CVSS 7.0). Public exploit code available.
Windows User Profile Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows Bluetooth Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows File Server Resource Management Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
Windows File Explorer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows Work Folder Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.
Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.
A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.
In SUB2AF, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In vow, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In vow, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Rated high severity (CVSS 7.0).
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. Rated high severity (CVSS 7.0).
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Zulip is an open source group chat application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several. Rated high severity (CVSS 7.0). No vendor patch available.
An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 11.0%.
Windows Update Stack Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
An issue was discovered in the metrics-util crate before 0.7.0 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. Rated medium severity (CVSS 4.1).