Total
339 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2032 | 1 Paloaltonetworks | 1 Globalprotect | 2020-06-16 | 6.9 MEDIUM | 7.0 HIGH |
| A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows. | |||||
| CVE-2020-0204 | 1 Google | 1 Android | 2020-06-15 | 5.1 MEDIUM | 7.0 HIGH |
| In InstallPackage of package.cpp, there is a possible bypass of a signature check due to a Time of Check/Time of Use condition. This could lead to local escalation of privilege by allowing a bypass of the initial zip file signature check for an OS update with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136498130 | |||||
| CVE-2020-3680 | 1 Qualcomm | 36 Apq8009, Apq8009 Firmware, Apq8053 and 33 more | 2020-06-03 | 6.9 MEDIUM | 7.0 HIGH |
| A race condition can occur when using the fastrpc memory mapping API. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, QCS605, QM215, SA415M, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SXR1130 | |||||
| CVE-2020-3808 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2020-03-27 | 5.8 MEDIUM | 5.9 MEDIUM |
| Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion. | |||||
| CVE-2019-15608 | 1 Yarnpkg | 1 Yarn | 2020-03-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. | |||||
| CVE-2020-8890 | 1 Misp | 1 Misp | 2020-02-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests. | |||||
| CVE-2019-11482 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2020-02-12 | 1.9 LOW | 4.7 MEDIUM |
| Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. | |||||
| CVE-2019-17102 | 1 Bitdefender | 2 Box 2, Box 2 Firmware | 2020-02-03 | 9.3 HIGH | 8.1 HIGH |
| An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36. | |||||
| CVE-2019-20000 | 1 Bullguard | 1 Premium Protection | 2020-01-08 | 5.8 MEDIUM | 5.9 MEDIUM |
| The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted. | |||||
| CVE-2012-5630 | 3 Fedoraproject, Libuser Project, Redhat | 3 Fedora, Libuser, Enterprise Linux | 2019-12-04 | 3.3 LOW | 6.3 MEDIUM |
| libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. | |||||
| CVE-2019-10486 | 1 Qualcomm | 72 Apq8009, Apq8009 Firmware, Apq8017 and 69 more | 2019-11-26 | 4.4 MEDIUM | 7.0 HIGH |
| Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound access in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150 | |||||
| CVE-2019-18644 | 1 Totaldefense | 1 Anti-virus | 2019-11-01 | 5.8 MEDIUM | 5.9 MEDIUM |
| The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted. | |||||
| CVE-2017-0331 | 2 Google, Linux | 2 Android, Linux Kernel | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331. | |||||
| CVE-2017-0412 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926. | |||||
| CVE-2018-8449 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-8584 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | |||||
| CVE-2018-0966 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | |||||
| CVE-2017-0411 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690. | |||||
| CVE-2017-0756 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073. | |||||