Total
2370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28305 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2026-06-17 | N/A | 6.6 MEDIUM |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2023-28278 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2026-06-17 | N/A | 6.6 MEDIUM |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2023-28273 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 6 more | 2026-06-17 | N/A | 7.0 HIGH |
| Windows Clip Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-28232 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-06-17 | N/A | 7.5 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2023-28201 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-28144 | 1 Kdab | 1 Hotspot | 2026-06-17 | N/A | 7.0 HIGH |
| KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls. | |||||
| CVE-2023-28142 | 1 Qualys | 1 Cloud Agent | 2026-06-17 | N/A | 6.7 MEDIUM |
| A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on that asset to run arbitrary commands. At the time of this disclosure, versions before 4.0 are classified as End of Life. | |||||
| CVE-2023-28126 | 1 Ivanti | 1 Avalanche | 2026-06-17 | N/A | 5.9 MEDIUM |
| An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message. | |||||
| CVE-2023-28125 | 1 Ivanti | 1 Avalanche | 2026-06-17 | N/A | 5.9 MEDIUM |
| An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass. | |||||
| CVE-2023-27952 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 4.7 MEDIUM |
| A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. | |||||
| CVE-2023-27359 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2026-06-17 | N/A | 8.1 HIGH |
| TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hotplugd daemon. The issue results from firewall rule handling that allows an attacker access to resources that should be available to the LAN interface only. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the root user. . Was ZDI-CAN-19664. | |||||
| CVE-2023-26980 | 1 Pax | 2 A920 Pro, Paydroid | 2026-06-17 | N/A | 7.0 HIGH |
| PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will be loaded before any user applications. | |||||
| CVE-2023-24903 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2026-06-17 | N/A | 8.1 HIGH |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
| CVE-2023-24899 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 | 2026-06-17 | N/A | 7.0 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2023-24861 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-06-17 | N/A | 7.0 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2023-24042 | 1 Hfiref0x | 1 Lightftp | 2026-06-17 | N/A | 7.5 HIGH |
| A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName. | |||||
| CVE-2023-23407 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-06-17 | N/A | 7.1 HIGH |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | |||||
| CVE-2023-23404 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2026-06-17 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2023-23393 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2026-06-17 | N/A | 7.0 HIGH |
| Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-23039 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.7 MEDIUM |
| An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). | |||||