Total
344 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-35090 | 1 Qualcomm | 112 Aqt1000, Aqt1000 Firmware, Qca6390 and 109 more | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
CVE-2022-24335 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. | |||||
CVE-2021-30343 | 1 Qualcomm | 128 Ar8035, Ar8035 Firmware, Qca6390 and 125 more | 2024-02-28 | 7.1 HIGH | 5.9 MEDIUM |
Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
CVE-2021-35111 | 1 Qualcomm | 75 Ar8035, Ar8035 Firmware, Qca6390 and 72 more | 2024-02-28 | 7.1 HIGH | 5.9 MEDIUM |
Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile | |||||
CVE-2021-30347 | 1 Qualcomm | 128 Ar8035, Ar8035 Firmware, Qca6390 and 125 more | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
CVE-2022-28743 | 1 Foscam | 3 R2c, R2c Application Firmware, R2c System Firmware | 2024-02-28 | 8.5 HIGH | 6.6 MEDIUM |
Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1.13.1.6, and Application FW <= 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera's Linux OS, an attacker could effectively change the code that is running, add backdoor access, or invade the privacy of the user by accessing the live camera stream. | |||||
CVE-2021-30342 | 1 Qualcomm | 190 Apq8009w, Apq8009w Firmware, Apq8017 and 187 more | 2024-02-28 | 7.1 HIGH | 5.9 MEDIUM |
Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2022-23653 | 1 Backblaze | 1 B2 Command Line Tool | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. The command line tool saves API keys (and bucket name-to-id mapping) in a local database file (`$XDG_CONFIG_HOME/b2/account_info`, `~/.b2_account_info` or a user-defined path) when `b2 authorize-account` is first run. This happens regardless of whether a valid key is provided or not. When first created, the file is world readable and is (typically a few milliseconds) later altered to be private to the user. If the directory is readable by a local attacker and the user did not yet run `b2 authorize-account` then during the brief period between file creation and permission modification, a local attacker can race to open the file and maintain a handle to it. This allows the local attacker to read the contents after the file after the sensitive information has been saved to it. Users that have not yet run `b2 authorize-account` should upgrade to B2 Command-Line Tool v3.2.1 before running it. Users that have run `b2 authorize-account` are safe if at the time of the file creation no other local users had read access to the local configuration file. Users that have run `b2 authorize-account` where the designated path could be opened by another local user should upgrade to B2 Command-Line Tool v3.2.1 and remove the database and regenerate all application keys. Note that `b2 clear-account` does not remove the database file and it should not be used to ensure that all open handles to the file are invalidated. If B2 Command-Line Tool cannot be upgraded to v3.2.1 due to a dependency conflict, a binary release can be used instead. Alternatively a new version could be installed within a virtualenv, or the permissions can be changed to prevent local users from opening the database file. | |||||
CVE-2021-22043 | 1 Vmware | 2 Esxi, Fusion | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files. | |||||
CVE-2022-20110 | 2 Google, Mediatek | 53 Android, Mt6580, Mt6735 and 50 more | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399901. | |||||
CVE-2022-1537 | 1 Gruntjs | 1 Grunt | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root. | |||||
CVE-2022-27904 | 2 Apple, Automox | 2 Macos, Automox | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process. | |||||
CVE-2022-0915 | 1 Logitech | 1 Sync | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user. | |||||
CVE-2022-24413 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 3.3 LOW | 3.6 LOW |
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. | |||||
CVE-2021-26350 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service. | |||||
CVE-2022-25165 | 1 Amazon | 1 Aws Client Vpn | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments can be injected by a low-level user such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the files content. This can be abused to cause an elevation of privilege or denial of service. | |||||
CVE-2021-0897 | 2 Google, Mediatek | 12 Android, Mt6873, Mt6875 and 9 more | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549. | |||||
CVE-2021-42835 | 2 Microsoft, Plex | 2 Windows, Media Server | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM). | |||||
CVE-2021-33097 | 1 Intel | 1 Crypto Api Toolkit For Intel Sgx | 2024-02-28 | 6.0 MEDIUM | 6.6 MEDIUM |
Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
CVE-2022-23029 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |