Total
322 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28183 | 2024-03-25 | N/A | 6.1 MEDIUM | ||
| ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip. This attack can allow to boot past (passive) application partition having lower security version of the same device even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1. | |||||
| CVE-2021-33632 | 2024-03-25 | N/A | 7.0 HIGH | ||
| Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C. This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2. | |||||
| CVE-2024-24692 | 1 Zoom | 1 Rooms | 2024-03-21 | N/A | 4.7 MEDIUM |
| Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. | |||||
| CVE-2023-32282 | 2024-03-14 | N/A | 7.2 HIGH | ||
| Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-0163 | 2024-03-13 | N/A | 5.3 MEDIUM | ||
| Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources. | |||||
| CVE-2024-27297 | 2024-03-12 | N/A | 6.3 MEDIUM | ||
| Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-52556 | 2024-03-01 | N/A | N/A | ||
| In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic. | |||||
| CVE-2023-44188 | 1 Juniper | 1 Junos | 2024-02-21 | N/A | 5.3 MEDIUM |
| A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition. This issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart. Note: jkdsd is not shipped with SRX Series devices and therefore are not affected by this vulnerability. This issue affects: Juniper Networks Junos OS: * 20.4 versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S1, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.1 versions prior to 23.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.4R1. | |||||
| CVE-2022-47631 | 2 Microsoft, Razer | 2 Windows, Synapse | 2024-02-16 | N/A | 7.8 HIGH |
| Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if it detects malicious DLLs in this directory, attackers can exploit a race condition and replace a valid DLL (i.e., a copy of a legitimate Razer DLL) with a malicious DLL after the service has already checked the file. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. | |||||
| CVE-2003-0813 | 1 Microsoft | 5 Windows 2000, Windows 98, Windows Nt and 2 more | 2024-02-15 | 5.1 MEDIUM | N/A |
| A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities. | |||||
| CVE-2004-0594 | 6 Avaya, Debian, Hp and 3 more | 6 Converged Communications Server, Debian Linux, Hp-ux and 3 more | 2024-02-15 | 5.1 MEDIUM | N/A |
| The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. | |||||
| CVE-2015-1743 | 1 Microsoft | 1 Internet Explorer | 2024-02-15 | 5.1 MEDIUM | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748. | |||||
| CVE-2023-20521 | 1 Amd | 186 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 183 more | 2024-02-13 | N/A | 5.7 MEDIUM |
| TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. | |||||
| CVE-2023-2007 | 3 Debian, Linux, Netapp | 13 Debian Linux, Linux Kernel, H300s and 10 more | 2024-02-01 | N/A | 7.8 HIGH |
| The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. | |||||
| CVE-2005-1111 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Cpio | 2024-01-26 | 3.7 LOW | 4.7 MEDIUM |
| Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | |||||
| CVE-2023-20135 | 1 Cisco | 1 Ios Xr | 2024-01-25 | N/A | 7.0 HIGH |
| A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device. | |||||
| CVE-2020-1337 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-01-19 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. | |||||
| CVE-2023-26438 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 3.1 LOW |
| External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known. | |||||
| CVE-2023-43741 | 1 Buildkite | 1 Elastic Ci Stack | 2024-01-03 | N/A | 7.0 HIGH |
| A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. | |||||
| CVE-2023-6690 | 1 Github | 1 Enterprise Server | 2023-12-29 | N/A | 2.0 LOW |
| A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||