Total
262 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43777 | 1 Hp | 774 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 771 more | 2023-12-10 | N/A | 7.8 HIGH |
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. | |||||
CVE-2023-0006 | 1 Paloaltonetworks | 1 Globalprotect | 2023-12-10 | N/A | 6.3 MEDIUM |
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition. | |||||
CVE-2022-27541 | 1 Hp | 774 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 771 more | 2023-12-10 | N/A | 7.8 HIGH |
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. | |||||
CVE-2023-32555 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.0 HIGH |
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. | |||||
CVE-2023-32554 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.0 HIGH |
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. | |||||
CVE-2022-31637 | 1 Hp | 806 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 803 more | 2023-12-10 | N/A | 7.8 HIGH |
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | |||||
CVE-2023-1586 | 3 Avast, Avg, Microsoft | 3 Antivirus, Anti-virus, Windows | 2023-12-10 | N/A | 4.7 MEDIUM |
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11 | |||||
CVE-2022-36980 | 1 Ivanti | 1 Avalanche | 2023-12-10 | N/A | 8.1 HIGH |
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528. | |||||
CVE-2021-46792 | 1 Amd | 110 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 107 more | 2023-12-10 | N/A | 5.9 MEDIUM |
Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service. | |||||
CVE-2022-31635 | 1 Hp | 806 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 803 more | 2023-12-10 | N/A | 7.8 HIGH |
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | |||||
CVE-2022-31640 | 1 Hp | 582 Elite Dragonfly, Elite Dragonfly Firmware, Elite Dragonfly G2 and 579 more | 2023-12-10 | N/A | 7.0 HIGH |
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | |||||
CVE-2022-31638 | 1 Hp | 806 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 803 more | 2023-12-10 | N/A | 7.8 HIGH |
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | |||||
CVE-2022-27539 | 1 Hp | 774 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 771 more | 2023-12-10 | N/A | 7.8 HIGH |
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. | |||||
CVE-2023-25394 | 1 Getvideostream | 1 Videostream | 2023-12-10 | N/A | 7.0 HIGH |
Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours. | |||||
CVE-2023-20620 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2023-12-10 | N/A | 4.1 MEDIUM |
In adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554558; Issue ID: ALPS07554558. | |||||
CVE-2023-23520 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-10 | N/A | 5.9 MEDIUM |
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root. | |||||
CVE-2022-22753 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2023-12-10 | N/A | 7.1 HIGH |
A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | |||||
CVE-2022-26387 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-12-10 | N/A | 7.5 HIGH |
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. | |||||
CVE-2022-25716 | 1 Qualcomm | 14 Sd888 5g, Sd888 5g Firmware, Wcd9380 and 11 more | 2023-12-10 | N/A | 7.0 HIGH |
Memory corruption in Multimedia Framework due to unsafe access to the data members | |||||
CVE-2022-32638 | 2 Google, Mediatek | 30 Android, Mt6781, Mt6833 and 27 more | 2023-12-10 | N/A | 6.4 MEDIUM |
In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494449; Issue ID: ALPS07494449. |