Total
459 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54084 | 2025-03-11 | 7.5 High | ||
| APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. | ||||
| CVE-2024-27114 | 2 So Planning, Soplanning | 2 Simple Online Planning, Soplanning | 2025-03-11 | 9.8 Critical |
| A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02. | ||||
| CVE-2023-38041 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-03-07 | 7.0 High |
| A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. | ||||
| CVE-2023-34046 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-03-07 | 6.7 Medium |
| VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | ||||
| CVE-2024-53694 | 2025-03-07 | N/A | ||
| A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability in the following versions: QVPN Device Client for Mac 2.2.5 and later Qsync for Mac 5.1.3 and later Qfinder Pro Mac 7.11.1 and later | ||||
| CVE-2024-53032 | 1 Qualcomm | 52 Qam8255p, Qam8255p Firmware, Qam8295p and 49 more | 2025-03-07 | 7.8 High |
| Memory corruption may occur in keyboard virtual device due to guest VM interaction. | ||||
| CVE-2023-20623 | 3 Google, Mediatek, Yoctoproject | 37 Android, Mt6580, Mt6735 and 34 more | 2025-03-06 | 6.4 Medium |
| In ion, there is a possible escalation of privilege due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559778; Issue ID: ALPS07559778. | ||||
| CVE-2024-39508 | 1 Redhat | 1 Enterprise Linux | 2025-03-06 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags Utilize set_bit() and test_bit() on worker->flags within io_uring/io-wq to address potential data races. The structure io_worker->flags may be accessed through various data paths, leading to concurrency issues. When KCSAN is enabled, it reveals data races occurring in io_worker_handle_work and io_wq_activate_free_worker functions. BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28: io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569) io_wq_worker (io_uring/io-wq.c:?) <snip> read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5: io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285) io_wq_enqueue (io_uring/io-wq.c:947) io_queue_iowq (io_uring/io_uring.c:524) io_req_task_submit (io_uring/io_uring.c:1511) io_handle_tw_list (io_uring/io_uring.c:1198) <snip> Line numbers against commit 18daea77cca6 ("Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm"). These races involve writes and reads to the same memory location by different tasks running on different CPUs. To mitigate this, refactor the code to use atomic operations such as set_bit(), test_bit(), and clear_bit() instead of basic "and" and "or" operations. This ensures thread-safe manipulation of worker flags. Also, move `create_index` to avoid holes in the structure. | ||||
| CVE-2023-20620 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2025-03-06 | 4.1 Medium |
| In adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554558; Issue ID: ALPS07554558. | ||||
| CVE-2024-53028 | 2025-03-05 | 7.8 High | ||
| Memory corruption may occur while processing message from frontend during allocation. | ||||
| CVE-2023-33156 | 1 Microsoft | 1 Malware Protection Engine | 2025-02-28 | 6.3 Medium |
| Microsoft Defender Elevation of Privilege Vulnerability | ||||
| CVE-2023-4155 | 3 Fedoraproject, Linux, Redhat | 7 Fedora, Linux Kernel, Enterprise Linux and 4 more | 2025-02-27 | 5.3 Medium |
| A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). | ||||
| CVE-2025-0759 | 1 Ibm | 1 Entirex | 2025-02-27 | 3.3 Low |
| IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared resource synchronization. | ||||
| CVE-2023-22883 | 1 Zoom | 1 Meetings | 2025-02-26 | 7.2 High |
| Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user. | ||||
| CVE-2023-0778 | 2 Podman Project, Redhat | 3 Podman, Enterprise Linux, Openshift | 2025-02-24 | 6.8 Medium |
| A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system. | ||||
| CVE-2023-35311 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-02-24 | 8.8 High |
| Microsoft Outlook Security Feature Bypass Vulnerability | ||||
| CVE-2022-36980 | 1 Ivanti | 1 Avalanche | 2025-02-18 | 8.1 High |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528. | ||||
| CVE-2025-26620 | 2025-02-18 | N/A | ||
| Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protocol parameters can return access tokens obtained with the wrong scope, resource indicator, or other protocol parameters. Such usage is somewhat atypical, and only a small percentage of users are likely to be affected. Duende.AccessTokenManagement can request access tokens using the client credentials flow in several ways. In basic usage, the client credentials flow is configured once and the parameters do not vary. In more advanced situations, requests with varying protocol parameters may be made by calling specific overloads of these methods: `HttpContext.GetClientAccessTokenAsync()` and `IClientCredentialsTokenManagementService.GetAccessTokenAsync()`. There are overloads of both of these methods that accept a `TokenRequestParameters` object that customizes token request parameters. However, concurrent requests with varying `TokenRequestParameters` will result in the same token for all concurrent calls. Most users can simply update the NuGet package to the latest version. Customizations of the `IClientCredentialsTokenCache` that derive from the default implementation (`DistributedClientCredentialsTokenCache`) will require a small code change, as its constructor was changed to add a dependency on the `ITokenRequestSynchronization` service. The synchronization service will need to be injected into the derived class and passed to the base constructor. The impact of this vulnerability depends on how Duende.AccessTokenManagement is used and on the security architecture of the solution. Most users will not be vulnerable to this issue. More advanced users may run into this issue by calling the methods specified above with customized token request parameters. The impact of obtaining an access token with different than intended protocol parameters will vary depending on application logic, security architecture, and the authorization policy of the resource servers. | ||||
| CVE-2024-41917 | 2025-02-18 | 7.5 High | ||
| Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-3093 | 1 Tesla | 8 Model 3, Model 3 Firmware, Model S and 5 more | 2025-02-14 | 6.4 Medium |
| This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463. | ||||