Total
1495 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-36884 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-06-27 | 7.5 High |
Windows Search Remote Code Execution Vulnerability | ||||
CVE-2024-35255 | 1 Microsoft | 2 Authentication Library, Azure Identity Sdk | 2024-06-27 | 5.5 Medium |
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | ||||
CVE-2024-24861 | 1 Linux | 1 Linux Kernel | 2024-06-27 | 6.3 Medium |
A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue. | ||||
CVE-2024-27020 | 1 Linux | 1 Linux Kernel | 2024-06-27 | 7.0 High |
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions list in __nft_expr_type_get(). Therefore, there is potential data-race of nf_tables_expressions list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_expressions list in __nft_expr_type_get(), and use rcu_read_lock() in the caller nft_expr_type_get() to protect the entire type query process. | ||||
CVE-2024-24858 | 1 Linux | 1 Linux Kernel | 2024-06-27 | 5.3 Medium |
A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service. | ||||
CVE-2024-24857 | 1 Linux | 1 Linux Kernel | 2024-06-27 | 6.8 Medium |
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service. | ||||
CVE-2010-5175 | 2 Microsoft, Pwicorp | 2 Windows Xp, Privatefirewall | 2024-06-26 | N/A |
Race condition in PrivateFirewall 7.0.20.37 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | ||||
CVE-2010-5164 | 2 Kingsoft, Microsoft | 2 Personal Firewall 9, Windows Xp | 2024-06-26 | N/A |
Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | ||||
CVE-2010-5153 | 2 Avira, Microsoft | 2 Premium Security Suite, Windows Xp | 2024-06-26 | N/A |
Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | ||||
CVE-2024-26910 | 1 Linux | 1 Linux Kernel | 2024-06-25 | 4.7 Medium |
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead. Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not work: sets with timeout use garbage collectors which need cancelling at destroy which can wait. Therefore the destroy functions are split into two: cancelling garbage collectors safely at executing the command received by netlink and moving the remaining part only into the rcu callback. | ||||
CVE-2024-24860 | 1 Linux | 1 Linux Kernel | 2024-06-25 | 5.3 Medium |
A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | ||||
CVE-2022-26829 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-06-24 | 6.6 Medium |
Windows DNS Server Remote Code Execution Vulnerability | ||||
CVE-2022-26828 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2024-06-24 | 7.0 High |
Windows Bluetooth Driver Elevation of Privilege Vulnerability | ||||
CVE-2022-26827 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-06-24 | 7.0 High |
Windows File Server Resource Management Service Elevation of Privilege Vulnerability | ||||
CVE-2022-26822 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-06-24 | 6.6 Medium |
Windows DNS Server Remote Code Execution Vulnerability | ||||
CVE-2022-26821 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-06-24 | 6.6 Medium |
Windows DNS Server Remote Code Execution Vulnerability | ||||
CVE-2022-26820 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-06-24 | 6.6 Medium |
Windows DNS Server Remote Code Execution Vulnerability | ||||
CVE-2022-26819 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-06-24 | 6.6 Medium |
Windows DNS Server Remote Code Execution Vulnerability | ||||
CVE-2022-26817 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-06-24 | 6.6 Medium |
Windows DNS Server Remote Code Execution Vulnerability | ||||
CVE-2022-26814 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-06-24 | 6.6 Medium |
Windows DNS Server Remote Code Execution Vulnerability |