Filtered by vendor
Subscriptions
Total
429 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-39826 | 2024-11-21 | 6.8 Medium | ||
Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access. | ||||
CVE-2024-39821 | 2024-11-21 | 6.6 Medium | ||
Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access. | ||||
CVE-2024-39420 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7 High |
Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This vulnerability arises when the timing of actions changes the state of a resource between the checking of a condition and the use of the resource, allowing an attacker to manipulate the resource in a harmful way. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-38186 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2024-11-21 | 7.8 High |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-36304 | 2024-11-21 | 7.8 High | ||
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2024-35265 | 1 Microsoft | 12 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 9 more | 2024-11-21 | 7 High |
Windows Perception Service Elevation of Privilege Vulnerability | ||||
CVE-2024-34528 | 1 Wordopsproject | 1 Wordops | 2024-11-21 | 7.7 High |
WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. | ||||
CVE-2024-32482 | 2024-11-21 | 2.2 Low | ||
The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available. | ||||
CVE-2024-30471 | 1 Apache | 1 Streampipes | 2024-11-21 | 3.7 Low |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. | ||||
CVE-2024-30099 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2024-11-21 | 7 High |
Windows Kernel Elevation of Privilege Vulnerability | ||||
CVE-2024-30084 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-11-21 | 7 High |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-2913 | 2024-11-21 | N/A | ||
A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend. | ||||
CVE-2024-2440 | 2024-11-21 | 5.5 Medium | ||
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.9.13, 3.10.10, 3.11.8 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
CVE-2024-29149 | 2024-11-21 | 7.4 High | ||
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process. | ||||
CVE-2024-29066 | 1 Microsoft | 8 Windows Server 2008 R2, Windows Server 2008 Sp2, Windows Server 2012 and 5 more | 2024-11-21 | 7.2 High |
Windows Distributed File System (DFS) Remote Code Execution Vulnerability | ||||
CVE-2024-29062 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-11-21 | 7.1 High |
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-28718 | 2024-11-21 | 9.8 Critical | ||
An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component. | ||||
CVE-2024-28183 | 2024-11-21 | 6.1 Medium | ||
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip. This attack can allow to boot past (passive) application partition having lower security version of the same device even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1. | ||||
CVE-2024-28137 | 2024-11-21 | 7.8 High | ||
A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability. | ||||
CVE-2024-27361 | 2024-11-21 | 5.1 Medium | ||
A vulnerability was discovered in Samsung Mobile Processor Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, and Exynos 2400 that involves a time-of-check to time-of-use (TOCTOU) race condition, which can lead to a Denial of Service. |