Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3478 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41915 | 4 Debian, Fedoraproject, Openpmix and 1 more | 4 Debian Linux, Fedora, Openpmix and 1 more | 2024-11-21 | 8.1 High |
| OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. | ||||
| CVE-2023-41914 | 2 Fedoraproject, Schedmd | 2 Fedora, Slurm | 2024-11-21 | 7.0 High |
| SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. | ||||
| CVE-2023-41830 | 2024-11-21 | 6.5 Medium | ||
| An improper absolute path traversal vulnerability was reported for the Ready For application allowing a local application access to files without authorization. | ||||
| CVE-2023-41306 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 3.7 Low |
| Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable. | ||||
| CVE-2023-41090 | 1 Intel | 1 Memory And Storage Tool | 2024-11-21 | 1.8 Low |
| Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-40077 | 1 Google | 1 Android | 2024-11-21 | 8.1 High |
| In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-3765 | 2 Lfprojects, Microsoft | 2 Mlflow, Windows | 2024-11-21 | 10.0 Critical |
| Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | ||||
| CVE-2023-38672 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | 4.7 Medium |
| FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service. | ||||
| CVE-2023-38616 | 1 Apple | 1 Macos | 2024-11-21 | 7.0 High |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-38538 | 1 Whatsapp | 1 Whatsapp | 2024-11-21 | 5 Medium |
| A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | ||||
| CVE-2023-38537 | 1 Whatsapp | 1 Whatsapp | 2024-11-21 | 5.6 Medium |
| A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | ||||
| CVE-2023-38409 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Rhel Aus and 5 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info). | ||||
| CVE-2023-37904 | 1 Discourse | 1 Discourse | 2024-11-21 | 2.6 Low |
| Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites. | ||||
| CVE-2023-37867 | 1 Yet Another Stars Rating Project | 1 Yet Another Stars Rating | 2024-11-21 | 3.7 Low |
| Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8. | ||||
| CVE-2023-37769 | 1 Pixman | 1 Pixman | 2024-11-21 | 6.5 Medium |
| stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c. | ||||
| CVE-2023-37250 | 1 Unity | 1 Parsec | 2024-11-21 | 7.0 High |
| Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version. | ||||
| CVE-2023-35863 | 1 Madefornet | 1 Http Debugger | 2024-11-21 | 5.3 Medium |
| In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access. | ||||
| CVE-2023-35829 | 2 Linux, Netapp | 5 Linux Kernel, H300s, H410s and 2 more | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. | ||||
| CVE-2023-35828 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2024-11-21 | 7 High |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. | ||||
| CVE-2023-35827 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. | ||||