Filtered by CWE-367
Filtered by vendor Subscriptions
Total 429 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-39826 2024-11-21 6.8 Medium
Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.
CVE-2024-39821 2024-11-21 6.6 Medium
Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access.
CVE-2024-39420 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 7 High
Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This vulnerability arises when the timing of actions changes the state of a resource between the checking of a condition and the use of the resource, allowing an attacker to manipulate the resource in a harmful way. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-38186 1 Microsoft 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more 2024-11-21 7.8 High
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-36304 2024-11-21 7.8 High
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2024-35265 1 Microsoft 12 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 9 more 2024-11-21 7 High
Windows Perception Service Elevation of Privilege Vulnerability
CVE-2024-34528 1 Wordopsproject 1 Wordops 2024-11-21 7.7 High
WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation.
CVE-2024-32482 2024-11-21 2.2 Low
The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available.
CVE-2024-30471 1 Apache 1 Streampipes 2024-11-21 3.7 Low
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
CVE-2024-30099 1 Microsoft 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more 2024-11-21 7 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-30084 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2024-11-21 7 High
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-2913 2024-11-21 N/A
A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend.
CVE-2024-2440 2024-11-21 5.5 Medium
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.9.13, 3.10.10, 3.11.8 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2024-29149 2024-11-21 7.4 High
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process.
CVE-2024-29066 1 Microsoft 8 Windows Server 2008 R2, Windows Server 2008 Sp2, Windows Server 2012 and 5 more 2024-11-21 7.2 High
Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVE-2024-29062 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2024-11-21 7.1 High
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28718 2024-11-21 9.8 Critical
An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.
CVE-2024-28183 2024-11-21 6.1 Medium
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip. This attack can allow to boot past (passive) application partition having lower security version of the same device even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1.
CVE-2024-28137 2024-11-21 7.8 High
A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability.
CVE-2024-27361 2024-11-21 5.1 Medium
A vulnerability was discovered in Samsung Mobile Processor Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, and Exynos 2400 that involves a time-of-check to time-of-use (TOCTOU) race condition, which can lead to a Denial of Service.