ReportizFlow
Filtered by vendor
Subscriptions
Total
1776 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11144 | 2024-12-16 | 7.5 High | ||
| The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it could lead to incomplete file transfers, potentially corrupting data. The repeated crash might also affect the stability of the underlying system, especially if it leads to resource leaks or affects other services. | ||||
| CVE-2024-46971 | 2024-12-16 | 7.8 High | ||
| Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | ||||
| CVE-2024-48872 | 2024-12-16 | 4.8 Medium | ||
| Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being blocked via simultaneously sending multiple login requests | ||||
| CVE-2024-0041 | 1 Google | 1 Android | 2024-12-16 | 7.0 High |
| In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-1949 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 2.6 Low |
| A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts. | ||||
| CVE-2024-7885 | 1 Redhat | 19 Apache Camel Spring Boot, Build Keycloak, Build Of Apache Camel - Hawtio and 16 more | 2024-12-13 | 7.5 High |
| A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. | ||||
| CVE-2024-53102 | 2024-12-12 | 4.7 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-27876 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-12-12 | 8.1 High |
| A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. | ||||
| CVE-2024-54122 | 2024-12-12 | 6.2 Medium | ||
| Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-54102 | 2024-12-12 | 6.1 Medium | ||
| Race condition vulnerability in the DDR module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-42974 | 1 Apple | 4 Ipad Os, Ipados, Iphone Os and 1 more | 2024-12-12 | 7.0 High |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2024-47974 | 2024-12-11 | 4.4 Medium | ||
| Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service. | ||||
| CVE-2024-47968 | 2024-12-11 | 4.4 Medium | ||
| Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service. | ||||
| CVE-2024-32993 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | 5.6 Medium |
| Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-26578 | 1 Apache | 1 Answer | 2024-12-11 | 5.9 Medium |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name. Users are recommended to upgrade to version [1.2.5], which fixes the issue. | ||||
| CVE-2023-36776 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-12-10 | 7 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2023-38159 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more | 2024-12-10 | 7 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2023-38166 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-12-10 | 8.1 High |
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | ||||
| CVE-2023-36698 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-12-10 | 4.4 Medium |
| Windows Kernel Security Feature Bypass Vulnerability | ||||
| CVE-2023-41774 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-12-10 | 8.1 High |
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | ||||