Total
532 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4126 | 1 Calibre-ebook | 1 Calibre | 2024-11-21 | 8.1 High |
| Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere. | ||||
| CVE-2024-38407 | 1 Qualcomm | 89 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 86 more | 2024-11-16 | 7.8 High |
| Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver. | ||||
| CVE-2024-38406 | 1 Qualcomm | 89 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 86 more | 2024-11-16 | 7.8 High |
| Memory corruption while handling IOCTL calls in JPEG Encoder driver. | ||||
| CVE-2024-22185 | 1 Intel | 2 4th Generation Intel Xeon Processor Scalable Family, 5th Generation Intel Xeon Processor Scalable Family | 2024-11-15 | 7.2 High |
| Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-48322 | 1 Run.codes | 1 Run.codes | 2024-11-12 | 8.1 High |
| UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability. | ||||
| CVE-2024-49768 | 3 Agendaless, Pylons, Redhat | 4 Waitress, Waitress, Openshift Ironic and 1 more | 2024-11-07 | 9.1 Critical |
| Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed. Waitress 3.0.1 fixes the race condition. As a workaround, disable channel_request_lookahead, this is set to 0 by default disabling this feature. | ||||
| CVE-2024-5803 | 1 Avg | 1 Avg Anti-virus | 2024-10-04 | 7.5 High |
| The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled. | ||||
| CVE-2024-0132 | 2 Linux, Nvidia | 5 Linux Kernel, Container Toolkit, Gpu Operator and 2 more | 2024-10-02 | 9 Critical |
| NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-0133 | 2 Linux, Nvidia | 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator | 2024-10-02 | 4.1 Medium |
| NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering. | ||||
| CVE-2024-6787 | 1 Moxa | 1 Mxview One | 2024-09-30 | 5.3 Medium |
| This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses. | ||||
| CVE-2024-39425 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-15 | 7 High |
| Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue require local low-privilege access to the affected system and attack complexity is high. | ||||
| CVE-2023-32001 | 2023-11-07 | 5.5 Medium | ||
| We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for. | ||||