Total
322 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1585 | 3 Avast, Avg, Microsoft | 3 Antivirus, Anti-virus, Windows | 2023-05-01 | N/A | 6.3 MEDIUM |
| Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later. | |||||
| CVE-2023-1586 | 3 Avast, Avg, Microsoft | 3 Antivirus, Anti-virus, Windows | 2023-05-01 | N/A | 4.7 MEDIUM |
| Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11 | |||||
| CVE-2023-0006 | 1 Paloaltonetworks | 1 Globalprotect | 2023-04-21 | N/A | 6.3 MEDIUM |
| A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition. | |||||
| CVE-2022-25696 | 1 Qualcomm | 183 Apq8053, Apq8053 Firmware, Aqt1000 and 180 more | 2023-04-19 | N/A | 7.0 HIGH |
| Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-22093 | 1 Qualcomm | 111 Aqt1000, Aqt1000 Firmware, Qca6390 and 108 more | 2023-04-19 | N/A | 7.0 HIGH |
| Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-30347 | 1 Qualcomm | 128 Ar8035, Ar8035 Firmware, Qca6390 and 125 more | 2023-04-19 | 9.3 HIGH | 8.1 HIGH |
| Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-33214 | 1 Qualcomm | 204 Aqt1000, Aqt1000 Firmware, Qam8295p and 201 more | 2023-04-19 | N/A | 7.0 HIGH |
| Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-22094 | 1 Qualcomm | 111 Aqt1000, Aqt1000 Firmware, Qca6390 and 108 more | 2023-04-19 | N/A | 7.0 HIGH |
| memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-30343 | 1 Qualcomm | 128 Ar8035, Ar8035 Firmware, Qca6390 and 125 more | 2023-04-19 | 7.1 HIGH | 5.9 MEDIUM |
| Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-35111 | 1 Qualcomm | 75 Ar8035, Ar8035 Firmware, Qca6390 and 72 more | 2023-04-19 | 7.1 HIGH | 5.9 MEDIUM |
| Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile | |||||
| CVE-2022-3093 | 1 Tesla | 8 Model 3, Model 3 Firmware, Model S and 5 more | 2023-04-06 | N/A | 6.4 MEDIUM |
| This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463. | |||||
| CVE-2022-36980 | 1 Ivanti | 1 Avalanche | 2023-04-06 | N/A | 8.1 HIGH |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528. | |||||
| CVE-2022-1537 | 1 Gruntjs | 1 Grunt | 2023-04-05 | 6.9 MEDIUM | 7.0 HIGH |
| file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root. | |||||
| CVE-2023-0778 | 2 Podman Project, Redhat | 2 Podman, Enterprise Linux | 2023-04-03 | N/A | 6.8 MEDIUM |
| A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system. | |||||
| CVE-2019-1065 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-03-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1041. | |||||
| CVE-2019-11774 | 1 Eclipse | 1 Omr | 2023-03-24 | 5.8 MEDIUM | 7.4 HIGH |
| Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems. | |||||
| CVE-2023-22883 | 1 Zoom | 1 Meetings | 2023-03-23 | N/A | 7.8 HIGH |
| Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user. | |||||
| CVE-2023-20620 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2023-03-13 | N/A | 4.1 MEDIUM |
| In adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554558; Issue ID: ALPS07554558. | |||||
| CVE-2023-20623 | 3 Google, Mediatek, Yoctoproject | 37 Android, Mt6580, Mt6735 and 34 more | 2023-03-13 | N/A | 6.4 MEDIUM |
| In ion, there is a possible escalation of privilege due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559778; Issue ID: ALPS07559778. | |||||
| CVE-2022-44670 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-03-10 | N/A | 8.1 HIGH |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||