Total
474 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42483 | 1 Samsung | 14 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 11 more | 2024-11-21 | N/A | 6.3 MEDIUM |
| A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a system. | |||||
| CVE-2023-37867 | 1 Yet Another Stars Rating Project | 1 Yet Another Stars Rating | 2024-11-21 | N/A | 3.7 LOW |
| Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8. | |||||
| CVE-2023-37250 | 1 Unity | 1 Parsec | 2024-11-21 | N/A | 7.0 HIGH |
| Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version. | |||||
| CVE-2023-35378 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.0 HIGH |
| Windows Projected File System Elevation of Privilege Vulnerability | |||||
| CVE-2023-33832 | 2 Ibm, Linux | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality. IBM X-Force ID: 256012. | |||||
| CVE-2023-33156 | 1 Microsoft | 1 Malware Protection Engine | 2024-11-21 | N/A | 6.3 MEDIUM |
| Microsoft Defender Elevation of Privilege Vulnerability | |||||
| CVE-2023-33154 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Partition Management Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-32555 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.0 HIGH |
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. | |||||
| CVE-2023-32554 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.0 HIGH |
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. | |||||
| CVE-2023-32282 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-2007 | 3 Debian, Linux, Netapp | 13 Debian Linux, Linux Kernel, H300s and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
| The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. | |||||
| CVE-2023-29337 | 1 Microsoft | 1 Nuget | 2024-11-21 | N/A | 7.1 HIGH |
| NuGet Client Remote Code Execution Vulnerability | |||||
| CVE-2023-28576 | 1 Qualcomm | 62 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 59 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues. | |||||
| CVE-2023-28075 | 1 Dell | 484 Alienware M15 R7, Alienware M15 R7 Firmware, Alienware M16 and 481 more | 2024-11-21 | N/A | 6.9 MEDIUM |
| Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system. | |||||
| CVE-2023-27470 | 2 Microsoft, N-able | 2 Windows, Take Control | 2024-11-21 | N/A | 7.0 HIGH |
| BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion. | |||||
| CVE-2023-26438 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-11-21 | N/A | 4.3 MEDIUM |
| External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known. | |||||
| CVE-2023-26299 | 1 Hp | 118 200 G3, 200 G3 Firmware, 200 G4 22 All-in-one and 115 more | 2024-11-21 | N/A | 7.0 HIGH |
| A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability. | |||||
| CVE-2023-24861 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.0 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2023-23389 | 1 Microsoft | 1 Malware Protection Engine | 2024-11-21 | N/A | 6.3 MEDIUM |
| Microsoft Defender Elevation of Privilege Vulnerability | |||||
| CVE-2023-22883 | 1 Zoom | 1 Meetings | 2024-11-21 | N/A | 7.2 HIGH |
| Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user. | |||||