Total
519 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15404 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page. | ||||
| CVE-2015-7810 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 4.7 Medium |
| libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files | ||||
| CVE-2014-1859 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2024-11-21 | N/A |
| (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2014-1858 | 1 Numpy | 1 Numpy | 2024-11-21 | N/A |
| __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2013-4235 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, Shadow, Fedora and 1 more | 2024-11-21 | 4.7 Medium |
| shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | ||||
| CVE-2012-5630 | 3 Fedoraproject, Libuser Project, Redhat | 3 Fedora, Libuser, Enterprise Linux | 2024-11-21 | 6.3 Medium |
| libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. | ||||
| CVE-2011-4126 | 1 Calibre-ebook | 1 Calibre | 2024-11-21 | 8.1 High |
| Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere. | ||||
| CVE-2024-38407 | 1 Qualcomm | 89 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 86 more | 2024-11-16 | 7.8 High |
| Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver. | ||||
| CVE-2024-38406 | 1 Qualcomm | 89 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 86 more | 2024-11-16 | 7.8 High |
| Memory corruption while handling IOCTL calls in JPEG Encoder driver. | ||||
| CVE-2024-22185 | 1 Intel | 2 4th Generation Intel Xeon Processor Scalable Family, 5th Generation Intel Xeon Processor Scalable Family | 2024-11-15 | 7.2 High |
| Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-48322 | 1 Run.codes | 1 Run.codes | 2024-11-12 | 8.1 High |
| UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability. | ||||
| CVE-2024-50592 | 1 Hasomed | 1 Elefant Software Updater | 2024-11-08 | 7 High |
| An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a list of files and their hashes. In addition, instructions to execute binaries to finalize the repair process are included. The executables are executed as "NT AUTHORITY\SYSTEM" after they are copied over to the user writable installation folder (C:\Elefant1). This means that a user can overwrite either "PostESUUpdate.exe" or "Update_OpenJava.exe" in the time frame after the copy and before the execution of the final repair step. The overwritten executable is then executed as "NT AUTHORITY\SYSTEM". | ||||
| CVE-2024-49768 | 3 Agendaless, Pylons, Redhat | 4 Waitress, Waitress, Openshift Ironic and 1 more | 2024-11-07 | 9.1 Critical |
| Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed. Waitress 3.0.1 fixes the race condition. As a workaround, disable channel_request_lookahead, this is set to 0 by default disabling this feature. | ||||
| CVE-2024-5803 | 1 Avg | 1 Avg Anti-virus | 2024-10-04 | 7.5 High |
| The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled. | ||||
| CVE-2024-0132 | 2 Linux, Nvidia | 5 Linux Kernel, Container Toolkit, Gpu Operator and 2 more | 2024-10-02 | 9 Critical |
| NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-0133 | 2 Linux, Nvidia | 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator | 2024-10-02 | 4.1 Medium |
| NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering. | ||||
| CVE-2024-6787 | 1 Moxa | 1 Mxview One | 2024-09-30 | 5.3 Medium |
| This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses. | ||||
| CVE-2024-39425 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-15 | 7 High |
| Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue require local low-privilege access to the affected system and attack complexity is high. | ||||
| CVE-2023-32001 | 2023-11-07 | 5.5 Medium | ||
| We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for. | ||||