| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-22499 |
362 |
|
|
2023-01-17 |
2023-01-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message. This situation impacts users who use Web Worker API and relied on interactive permission prompt. The reproduction is very timing sensitive and can’t be reliably reproduced on every try. This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). The problem has been fixed in Deno v1.29.3; it is recommended all users update to this version. Users are advised to upgrade. Users unable to upgrade may run with --no-prompt flag to disable interactive permission prompts. |
|
2 |
CVE-2023-21771 |
362 |
|
|
2023-01-10 |
2023-01-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability. |
|
3 |
CVE-2023-21766 |
362 |
|
|
2023-01-10 |
2023-01-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Overlay Filter Information Disclosure Vulnerability. |
|
4 |
CVE-2023-21733 |
362 |
|
|
2023-01-10 |
2023-01-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Bind Filter Driver Elevation of Privilege Vulnerability. |
|
5 |
CVE-2023-21725 |
362 |
|
|
2023-01-10 |
2023-01-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability. |
|
6 |
CVE-2023-21679 |
362 |
|
Exec Code |
2023-01-10 |
2023-01-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21546, CVE-2023-21555, CVE-2023-21556. |
|
7 |
CVE-2023-21546 |
362 |
|
Exec Code |
2023-01-10 |
2023-01-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21555, CVE-2023-21556, CVE-2023-21679. |
|
8 |
CVE-2023-21542 |
362 |
|
|
2023-01-10 |
2023-01-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Installer Elevation of Privilege Vulnerability. |
|
9 |
CVE-2023-21536 |
362 |
|
|
2023-01-10 |
2023-01-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Event Tracing for Windows Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21753. |
|
10 |
CVE-2023-21535 |
362 |
|
Exec Code |
2023-01-10 |
2023-01-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21548. |
|
11 |
CVE-2022-46689 |
362 |
|
Exec Code |
2022-12-15 |
2023-01-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. |
|
12 |
CVE-2022-46174 |
362 |
|
|
2022-12-28 |
2023-01-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent mount operations can allocate the same local port, leading to either failed mount operations or an inappropriate mapping from an EFS customer’s local mount points to that customer’s EFS file systems. This issue is patched in version v1.34.4. There is no recommended work around. We recommend affected users update the installed version of efs-utils to v1.34.4 or later. |
|
13 |
CVE-2022-45888 |
362 |
|
|
2022-11-25 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. |
|
14 |
CVE-2022-45887 |
362 |
|
|
2022-11-25 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. |
|
15 |
CVE-2022-45886 |
362 |
|
|
2022-11-25 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. |
|
16 |
CVE-2022-45885 |
362 |
|
|
2022-11-25 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. |
|
17 |
CVE-2022-45884 |
362 |
|
|
2022-11-25 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. |
|
18 |
CVE-2022-45869 |
362 |
|
DoS Mem. Corr. |
2022-11-30 |
2022-12-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. |
|
19 |
CVE-2022-44676 |
362 |
|
Exec Code |
2022-12-13 |
2022-12-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44670. |
|
20 |
CVE-2022-44669 |
362 |
|
|
2022-12-13 |
2022-12-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Error Reporting Elevation of Privilege Vulnerability. |
|
21 |
CVE-2022-44563 |
362 |
|
|
2022-11-09 |
2022-11-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality. |
|
22 |
CVE-2022-44034 |
362 |
|
|
2022-10-30 |
2022-11-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove(). |
|
23 |
CVE-2022-44033 |
362 |
|
|
2022-10-30 |
2022-11-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach(). |
|
24 |
CVE-2022-44032 |
362 |
|
|
2022-10-30 |
2022-11-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach(). |
|
25 |
CVE-2022-42930 |
362 |
|
|
2022-12-22 |
2022-12-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the <code>ThirdPartyUtil</code> component. This vulnerability affects Firefox < 106. |
|
26 |
CVE-2022-42864 |
362 |
|
Exec Code |
2022-12-15 |
2023-01-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. |
|
27 |
CVE-2022-42832 |
362 |
|
Exec Code |
2022-11-01 |
2023-01-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. |
|
28 |
CVE-2022-42831 |
362 |
|
Exec Code |
2022-11-01 |
2023-01-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. |
|
29 |
CVE-2022-42806 |
362 |
|
Exec Code |
2022-11-01 |
2022-11-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. |
|
30 |
CVE-2022-42803 |
362 |
|
Exec Code |
2022-11-01 |
2022-11-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. |
|
31 |
CVE-2022-42791 |
362 |
|
Exec Code |
2022-11-01 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. |
|
32 |
CVE-2022-42771 |
362 |
|
DoS |
2022-12-06 |
2022-12-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In wlan driver, there is a race condition, This could lead to local denial of service in wlan services. |
|
33 |
CVE-2022-42770 |
362 |
|
DoS |
2022-12-06 |
2022-12-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In wlan driver, there is a race condition, This could lead to local denial of service in wlan services. |
|
34 |
CVE-2022-41850 |
362 |
|
|
2022-09-30 |
2022-12-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. |
|
35 |
CVE-2022-41849 |
362 |
|
|
2022-09-30 |
2022-12-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. |
|
36 |
CVE-2022-41848 |
362 |
|
|
2022-09-30 |
2022-10-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. |
|
37 |
CVE-2022-41118 |
362 |
|
Exec Code |
2022-11-09 |
2022-11-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41128. |
|
38 |
CVE-2022-41116 |
362 |
|
DoS |
2022-11-09 |
2022-11-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41090. |
|
39 |
CVE-2022-41114 |
362 |
|
|
2022-11-09 |
2022-11-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Bind Filter Driver Elevation of Privilege Vulnerability. |
|
40 |
CVE-2022-41100 |
362 |
|
|
2022-11-09 |
2022-11-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41093. |
|
41 |
CVE-2022-41093 |
362 |
|
|
2022-11-09 |
2022-11-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41100. |
|
42 |
CVE-2022-41090 |
362 |
|
DoS |
2022-11-09 |
2022-11-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41116. |
|
43 |
CVE-2022-41088 |
362 |
|
Exec Code |
2022-11-09 |
2022-11-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41044. |
|
44 |
CVE-2022-41086 |
362 |
|
|
2022-11-09 |
2022-11-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37992. |
|
45 |
CVE-2022-41045 |
362 |
|
|
2022-11-09 |
2022-11-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41093, CVE-2022-41100. |
|
46 |
CVE-2022-41044 |
362 |
|
Exec Code |
2022-11-09 |
2022-11-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41039, CVE-2022-41088. |
|
47 |
CVE-2022-41039 |
362 |
|
Exec Code |
2022-11-09 |
2022-11-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41044, CVE-2022-41088. |
|
48 |
CVE-2022-41035 |
362 |
|
|
2022-10-11 |
2022-11-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability. |
|
49 |
CVE-2022-40310 |
362 |
|
|
2022-09-23 |
2022-09-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes. |
|
50 |
CVE-2022-40130 |
362 |
|
|
2022-11-18 |
2022-11-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress. |
