Export limit exceeded: 336746 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3431 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40307 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 4.7 Medium |
| An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. | ||||
| CVE-2022-3702 | 1 Lenovo | 3 Hardware Scan Addin, Hardware Scan Plugin, System Update Plugin | 2024-11-21 | 6.1 Medium |
| A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions. | ||||
| CVE-2022-3701 | 1 Lenovo | 3 Hardware Scan Addin, Hardware Scan Plugin, System Update Plugin | 2024-11-21 | 7.8 High |
| A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges. | ||||
| CVE-2022-3700 | 1 Lenovo | 3 Hardware Scan Addin, Hardware Scan Plugin, System Update Plugin | 2024-11-21 | 6.1 Medium |
| A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files. | ||||
| CVE-2022-3564 | 4 Debian, Linux, Netapp and 1 more | 17 Debian Linux, Linux Kernel, H300s and 14 more | 2024-11-21 | 5.5 Medium |
| A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. | ||||
| CVE-2022-3061 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
| Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. | ||||
| CVE-2022-3028 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-11-21 | 7.0 High |
| A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. | ||||
| CVE-2022-39188 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-11-21 | 4.7 Medium |
| An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. | ||||
| CVE-2022-39006 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.9 Medium |
| The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart. | ||||
| CVE-2022-38865 | 2 Debian, Mplayerhq | 3 Debian Linux, Mencoder, Mplayer | 2024-11-21 | 5.5 Medium |
| Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | ||||
| CVE-2022-38860 | 2 Debian, Mplayerhq | 3 Debian Linux, Mencoder, Mplayer | 2024-11-21 | 5.5 Medium |
| Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | ||||
| CVE-2022-38850 | 2 Debian, Mplayerhq | 2 Debian Linux, Mencoder | 2024-11-21 | 5.5 Medium |
| The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c. | ||||
| CVE-2022-38266 | 3 Debian, Leptonica, Tesseract Project | 3 Debian Linux, Leptonica, Tesseract | 2024-11-21 | 6.5 Medium |
| An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. | ||||
| CVE-2022-34899 | 1 Parallels | 1 Parallels Access | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels service. By creating a symbolic link, an attacker can abuse the service to execute a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16134. | ||||
| CVE-2022-34892 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update machanism. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16396. | ||||
| CVE-2022-33915 | 1 Amazon | 1 Hotpatch | 2024-11-21 | 7 High |
| Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046; it provides a temporary mitigation to CVE-2021-44228 by hotpatching the local Java virtual machines. To do so, it iterates through all running Java processes, performs several checks, and executes the Java virtual machine with the same permissions and capabilities as the running process to load the hotpatch. A local user could cause the hotpatch script to execute a binary with elevated privileges by running a custom java process that performs exec() of an SUID binary after the hotpatch has observed the process path and before it has observed its effective user ID. | ||||
| CVE-2022-33691 | 2 Google, Samsung | 2 Android, Exynos 9820 | 2024-11-21 | 6.2 Medium |
| A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations. | ||||
| CVE-2022-33270 | 1 Qualcomm | 84 Ar8035, Ar8035 Firmware, Qca6391 and 81 more | 2024-11-21 | 7.5 High |
| Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration message. | ||||
| CVE-2022-33257 | 1 Qualcomm | 280 Aqt1000, Aqt1000 Firmware, Ar8031 and 277 more | 2024-11-21 | 9.3 Critical |
| Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone. | ||||
| CVE-2022-31758 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 4.7 Medium |
| The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||