Vulnerabilities (CVE)

Filtered by CWE-362
Total 1271 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3623 1 Linux 1 Linux Kernel 2023-01-26 N/A 7.5 HIGH
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability.
CVE-2016-4247 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2023-01-26 2.6 LOW 5.3 MEDIUM
Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information via unspecified vectors.
CVE-2015-10067 1 Ssharpsmartthreadpool Project 1 Ssharpsmartthreadpool 2023-01-25 N/A 8.1 HIGH
A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to race condition within a thread. The name of the patch is 0e58073c831093aad75e077962e9fb55cad0dc5f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218463.
CVE-2023-22499 1 Deno 1 Deno 2023-01-25 N/A 7.5 HIGH
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message. This situation impacts users who use Web Worker API and relied on interactive permission prompt. The reproduction is very timing sensitive and can’t be reliably reproduced on every try. This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). The problem has been fixed in Deno v1.29.3; it is recommended all users update to this version. Users are advised to upgrade. Users unable to upgrade may run with --no-prompt flag to disable interactive permission prompts.
CVE-2022-45888 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2023-01-20 N/A 6.4 MEDIUM
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.
CVE-2022-45886 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2023-01-20 N/A 7.0 HIGH
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
CVE-2022-45885 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2023-01-20 N/A 7.0 HIGH
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
CVE-2022-45887 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2023-01-20 N/A 4.7 MEDIUM
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
CVE-2022-45884 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2023-01-20 N/A 7.0 HIGH
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
CVE-2022-4037 1 Gitlab 1 Gitlab 2023-01-20 N/A 8.5 HIGH
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider.
CVE-2014-0100 1 Linux 1 Linux Kernel 2023-01-19 9.3 HIGH N/A
Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load.
CVE-2016-7911 1 Linux 1 Linux Kernel 2023-01-19 9.3 HIGH 7.8 HIGH
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
CVE-2023-21766 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2023-01-18 N/A 4.7 MEDIUM
Windows Overlay Filter Information Disclosure Vulnerability.
CVE-2023-21725 1 Microsoft 1 Windows Malicious Software Removal Tool 2023-01-18 N/A 6.3 MEDIUM
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability.
CVE-2023-21733 1 Microsoft 6 Windows 10 20h2, Windows 10 21h2, Windows 10 22h2 and 3 more 2023-01-18 N/A 7.0 HIGH
Windows Bind Filter Driver Elevation of Privilege Vulnerability.
CVE-2023-21771 1 Microsoft 3 Windows 10, Windows 11, Windows Server 2022 2023-01-18 N/A 7.0 HIGH
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability.
CVE-2023-21679 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2023-01-18 N/A 8.1 HIGH
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21546, CVE-2023-21555, CVE-2023-21556.
CVE-2014-9914 2 Google, Linux 2 Android, Linux Kernel 2023-01-17 7.2 HIGH 7.8 HIGH
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.
CVE-2016-8655 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2023-01-17 7.2 HIGH 7.8 HIGH
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
CVE-2016-9794 1 Linux 1 Linux Kernel 2023-01-17 7.2 HIGH 7.8 HIGH
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.