Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
SAP CAR Archive Tool Denial Of Service / Security Bypass
11.08.2016
Martin Gallo
CVEMAP Search Results
CVE
Details
Description
2022-07-18
CVE-2022-34899
Updating...
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels service. By creating a symbolic link, an attacker can abuse the service to execute a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16134.
2022-07-12
Low
CVE-2022-33691
Updating...
A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.
2022-06-14
High
CVE-2021-30347
Updating...
Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
High
CVE-2021-35082
Updating...
Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC security mode command packet has been received in Snapdragon Industrial IOT
Medium
CVE-2021-35090
Updating...
Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
2022-05-18
Medium
CVE-2021-3969
Vendor:
Lenovo
Software:
System inter...
A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges.
2022-05-11
Medium
CVE-2021-26347
Updating...
TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to invalid DRAM address that could result in denial of service.
2022-05-10
Medium
CVE-2022-1537
Vendor:
Gruntjs
Software:
Grunt
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
2022-04-12
Low
CVE-2022-24413
Vendor:
DELL
Software:
Emc powersca...
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss.
2022-03-10
CVE-2022-0280
Updating...
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
Copyright
2022
, cxsecurity.com
Back to Top
