CWE:
 

Title
Date
Author
Med.
SAP CAR Archive Tool Denial Of Service / Security Bypass
11.08.2016
Martin Gallo


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-07-18
Waiting for details
CVE-2022-34899

 

 
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels service. By creating a symbolic link, an attacker can abuse the service to execute a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16134.

 
2022-07-12
Low
CVE-2022-33691

 

 
A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.

 
2022-06-14
High
CVE-2021-30347

 

 
Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile.

 
High
CVE-2021-35082

 

 
Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC security mode command packet has been received in Snapdragon Industrial IOT.

 
Medium
CVE-2021-35090

 

 
Possible hypervisor memory corruption due to a TOCTOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile.

 
2022-05-18
Medium
CVE-2021-3969

Vendor: Lenovo
Software: System inter...
 

 
A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to elevate privileges.

 
2022-05-11
Medium
CVE-2021-26347

 

 
TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to an invalid DRAM address that could result in denial of service.

 
2022-05-10
Medium
CVE-2022-1537

Vendor: Gruntjs
Software: Grunt
 

 
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes, which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories, as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace the /etc/shadow file if the GruntJS user is root.

 
2022-04-12
Low
CVE-2022-24413

Vendor: DELL
Software: Emc powersca...
 

 
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss.

 
2022-03-10
Waiting for details
CVE-2022-0280

 

 
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.

 

 


Copyright 2022, cxsecurity.com

 
