Total
1897 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38000 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-33634 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-30198 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-24504 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-22035 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-30163 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2025-01-02 | 6.0 MEDIUM | 8.5 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability | |||||
| CVE-2022-30128 | 1 Microsoft | 1 Edge Chromium | 2025-01-02 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-30127 | 1 Microsoft | 1 Edge Chromium | 2025-01-02 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-29116 | 1 Microsoft | 1 Windows 11 | 2025-01-02 | 4.7 MEDIUM | 4.7 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2022-29113 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2025-01-02 | 4.4 MEDIUM | 7.8 HIGH |
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | |||||
| CVE-2023-33170 | 2 Fedoraproject, Microsoft | 3 Fedora, .net, Visual Studio 2022 | 2025-01-01 | N/A | 8.1 HIGH |
| ASP.NET and Visual Studio Security Feature Bypass Vulnerability | |||||
| CVE-2021-46982 | 1 Linux | 1 Linux Kernel | 2024-12-31 | N/A | 4.7 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix race condition of overwrite vs truncate pos_fsstress testcase complains a panic as belew: ------------[ cut here ]------------ kernel BUG at fs/f2fs/compress.c:1082! invalid opcode: 0000 [#1] SMP PTI CPU: 4 PID: 2753477 Comm: kworker/u16:2 Tainted: G OE 5.12.0-rc1-custom #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Workqueue: writeback wb_workfn (flush-252:16) RIP: 0010:prepare_compress_overwrite+0x4c0/0x760 [f2fs] Call Trace: f2fs_prepare_compress_overwrite+0x5f/0x80 [f2fs] f2fs_write_cache_pages+0x468/0x8a0 [f2fs] f2fs_write_data_pages+0x2a4/0x2f0 [f2fs] do_writepages+0x38/0xc0 __writeback_single_inode+0x44/0x2a0 writeback_sb_inodes+0x223/0x4d0 __writeback_inodes_wb+0x56/0xf0 wb_writeback+0x1dd/0x290 wb_workfn+0x309/0x500 process_one_work+0x220/0x3c0 worker_thread+0x53/0x420 kthread+0x12f/0x150 ret_from_fork+0x22/0x30 The root cause is truncate() may race with overwrite as below, so that one reference count left in page can not guarantee the page attaching in mapping tree all the time, after truncation, later find_lock_page() may return NULL pointer. - prepare_compress_overwrite - f2fs_pagecache_get_page - unlock_page - f2fs_setattr - truncate_setsize - truncate_inode_page - delete_from_page_cache - find_lock_page Fix this by avoiding referencing updated page. | |||||
| CVE-2022-31645 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2024-12-30 | N/A | 7.8 HIGH |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | |||||
| CVE-2024-53476 | 2024-12-28 | N/A | 5.9 MEDIUM | ||
| A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders. | |||||
| CVE-2024-21439 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-27 | N/A | 7.0 HIGH |
| Windows Telephony Server Elevation of Privilege Vulnerability | |||||
| CVE-2024-21445 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-12-27 | N/A | 7.0 HIGH |
| Windows USB Print Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-6778 | 1 Google | 1 Chrome | 2024-12-26 | N/A | 7.5 HIGH |
| Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High) | |||||
| CVE-2021-47382 | 1 Linux | 1 Linux Kernel | 2024-12-23 | N/A | 4.7 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix deadlock during failing recovery Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removed taking discipline_mutex inside qeth_do_reset(), fixing potential deadlocks. An error path was missed though, that still takes discipline_mutex and thus has the original deadlock potential. Intermittent deadlocks were seen when a qeth channel path is configured offline, causing a race between qeth_do_reset and ccwgroup_remove. Call qeth_set_offline() directly in the qeth_do_reset() error case and then a new variant of ccwgroup_set_offline(), without taking discipline_mutex. | |||||
| CVE-2024-27030 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-12-23 | N/A | 6.3 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate handlers for interrupts For PF to AF interrupt vector and VF to AF vector same interrupt handler is registered which is causing race condition. When two interrupts are raised to two CPUs at same time then two cores serve same event corrupting the data. | |||||
| CVE-2024-54510 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-20 | N/A | 5.1 MEDIUM |
| A race condition was addressed with improved locking. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to leak sensitive kernel state. | |||||