Vulnerabilities (CVE)

Filtered by CWE-367
Total 262 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43777 1 Hp 774 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 771 more 2023-12-10 N/A 7.8 HIGH
Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
CVE-2023-0006 1 Paloaltonetworks 1 Globalprotect 2023-12-10 N/A 6.3 MEDIUM
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition.
CVE-2022-27541 1 Hp 774 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 771 more 2023-12-10 N/A 7.8 HIGH
Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
CVE-2023-32555 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-12-10 N/A 7.0 HIGH
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554.
CVE-2023-32554 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-12-10 N/A 7.0 HIGH
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555.
CVE-2022-31637 1 Hp 806 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 803 more 2023-12-10 N/A 7.8 HIGH
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVE-2023-1586 3 Avast, Avg, Microsoft 3 Antivirus, Anti-virus, Windows 2023-12-10 N/A 4.7 MEDIUM
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11.
CVE-2022-36980 1 Ivanti 1 Avalanche 2023-12-10 N/A 8.1 HIGH
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528.
CVE-2021-46792 1 Amd 110 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 107 more 2023-12-10 N/A 5.9 MEDIUM
Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service.
CVE-2022-31635 1 Hp 806 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 803 more 2023-12-10 N/A 7.8 HIGH
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVE-2022-31640 1 Hp 582 Elite Dragonfly, Elite Dragonfly Firmware, Elite Dragonfly G2 and 579 more 2023-12-10 N/A 7.0 HIGH
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVE-2022-31638 1 Hp 806 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 803 more 2023-12-10 N/A 7.8 HIGH
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVE-2022-27539 1 Hp 774 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 771 more 2023-12-10 N/A 7.8 HIGH
Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
CVE-2023-25394 1 Getvideostream 1 Videostream 2023-12-10 N/A 7.0 HIGH
Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours.
CVE-2023-20620 2 Google, Mediatek 4 Android, Mt6879, Mt6895 and 1 more 2023-12-10 N/A 4.1 MEDIUM
In adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554558; Issue ID: ALPS07554558.
CVE-2023-23520 1 Apple 3 Ipados, Iphone Os, Macos 2023-12-10 N/A 5.9 MEDIUM
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.
CVE-2022-22753 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2023-12-10 N/A 7.1 HIGH
A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CVE-2022-26387 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2023-12-10 N/A 7.5 HIGH
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
CVE-2022-25716 1 Qualcomm 14 Sd888 5g, Sd888 5g Firmware, Wcd9380 and 11 more 2023-12-10 N/A 7.0 HIGH
Memory corruption in Multimedia Framework due to unsafe access to the data members.
CVE-2022-32638 2 Google, Mediatek 30 Android, Mt6781, Mt6833 and 27 more 2023-12-10 N/A 6.4 MEDIUM
In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494449; Issue ID: ALPS07494449.