Total
1767 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32764 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | N/A | 7.5 HIGH |
| Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-31758 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-31015 | 1 Agendaless | 1 Waitress | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response. | |||||
| CVE-2022-30214 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2024-11-21 | 6.0 MEDIUM | 6.6 MEDIUM |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2022-30212 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
| Windows Connected Devices Platform Service Information Disclosure Vulnerability | |||||
| CVE-2022-30205 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 6.0 MEDIUM | 6.6 MEDIUM |
| Windows Group Policy Elevation of Privilege Vulnerability | |||||
| CVE-2022-30028 | 1 Dradisframework | 1 Dradis | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. | |||||
| CVE-2022-2961 | 3 Fedoraproject, Linux, Netapp | 12 Fedora, Linux Kernel, H300s and 9 more | 2024-11-21 | N/A | 7.0 HIGH |
| A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
| CVE-2022-2959 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.0 HIGH |
| A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. | |||||
| CVE-2022-2742 | 1 Google | 3 Chrome, Chrome Os, Linux And Chrome Os | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High) | |||||
| CVE-2022-2623 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2617 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2609 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2608 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2607 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2590 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.0 HIGH |
| A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system. | |||||
| CVE-2022-2160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. | |||||
| CVE-2022-29582 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. | |||||
| CVE-2022-29527 | 1 Amazon | 1 Amazon Ssm Agent | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition. | |||||
| CVE-2022-28796 | 4 Fedoraproject, Linux, Netapp and 1 more | 24 Fedora, Linux Kernel, Active Iq Unified Manager and 21 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. | |||||