Total
459 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48618 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-02-14 | 7.0 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1. | ||||
| CVE-2023-1295 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2025-02-13 | 7.8 High |
| A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93. | ||||
| CVE-2022-23084 | 1 Freebsd | 1 Freebsd | 2025-02-13 | 7.8 High |
| The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. | ||||
| CVE-2024-45560 | 1 Qualcomm | 74 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 71 more | 2025-02-12 | 7.8 High |
| Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer. | ||||
| CVE-2023-0006 | 1 Paloaltonetworks | 1 Globalprotect | 2025-02-07 | 6.3 Medium |
| A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition. | ||||
| CVE-2023-1586 | 3 Avast, Avg, Microsoft | 3 Antivirus, Anti-virus, Windows | 2025-02-05 | 6.5 Medium |
| Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11 | ||||
| CVE-2023-1585 | 3 Avast, Avg, Microsoft | 3 Antivirus, Anti-virus, Windows | 2025-02-05 | 6.5 Medium |
| Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later. | ||||
| CVE-2024-38418 | 1 Qualcomm | 124 C-v2x 9150, C-v2x 9150 Firmware, Csrb31024 and 121 more | 2025-02-05 | 7.8 High |
| Memory corruption while parsing the memory map info in IOCTL calls. | ||||
| CVE-2022-21198 | 1 Intel | 894 Celeron 1000m, Celeron 1000m Firmware, Celeron 1005m and 891 more | 2025-02-04 | 7.9 High |
| Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-53289 | 1 Dell | 1 Thinos | 2025-02-04 | 7.8 High |
| Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2025-22394 | 1 Dell | 1 Display Manager | 2025-02-04 | 6.7 Medium |
| Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation. | ||||
| CVE-2024-27134 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | 7 High |
| Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called. | ||||
| CVE-2022-38730 | 1 Docker | 1 Desktop | 2025-01-31 | 6.3 Medium |
| Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition. | ||||
| CVE-2024-0163 | 1 Dell | 116 Emc Xc Core Xc450, Emc Xc Core Xc450 Firmware, Emc Xc Core Xc650 and 113 more | 2025-01-31 | 5.3 Medium |
| Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources. | ||||
| CVE-2024-49046 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-30 | 7.8 High |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | ||||
| CVE-2024-43452 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-01-30 | 7.5 High |
| Windows Registry Elevation of Privilege Vulnerability | ||||
| CVE-2024-43511 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-29 | 7 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-39894 | 2025-01-29 | 7.5 High | ||
| OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. | ||||
| CVE-2021-46792 | 1 Amd | 110 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 107 more | 2025-01-28 | 5.9 Medium |
| Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service. | ||||
| CVE-2021-26356 | 1 Amd | 196 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 193 more | 2025-01-28 | 7.4 High |
| A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. | ||||