CWE-367

Medium likelihood

Time-of-check Time-of-use (TOCTOU) Race Condition

Parent: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

649 vulnerabilities with CWE-367
CVE-2023-6690 LOW
GitHub Enterprise Server 3.8.0-3.8.11 - Authenticated Time-of-check Time-of-use Race Condition via GraphQL Mutation
CVSS 3.9
CVE-2023-46649 MEDIUM
GitHub Enterprise Server <3.7.19-3.11.1 - Privilege Escalation
CVSS 6.3
CVE-2023-42483 MEDIUM
Samsung Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 Firmware - Time-of-check Time-of-use Race Condition
CVSS 6.3
CVE-2023-37867 LOW
YetAnotherStarsRating YASR < 3.3.8 - Time-of-check Time-of-use Race Condition
CVSS 3.7
CVE-2023-20521 LOW
AMD EPYC 7001 Series Firmware - Time-of-check Time-of-use Race Condition in ASP Bootloader
CVSS 3.3
CVE-2023-5760 HIGH
Avast/Avg Antivirus 23.8 - Time-of-check Time-of-use Race Condition via IOCTL Request Handling
CVSS 8.2
CVE-2023-46725 HIGH
foodcoopshop 3.2.0-3.6.0 - Server-Side Request Forgery via /api/updateProducts.json Endpoint
CVSS 8.1
CVE-2023-38041 HIGH
Ivanti Secure Access Client < 22.6 - Authenticated Privilege Escalation via TOCTOU Race Condition
CVSS 7.0
CVE-2023-34046 MEDIUM
VMware Fusion <13.5 - Privilege Escalation
CVSS 6.7
CVE-2023-44188 MEDIUM
Juniper Junos OS Authenticated DoS via Telemetry Request Flood
CVSS 5.3
CVE-2023-43976 HIGH
CatoNetworks CatoClient <5.4.0 - Privilege Escalation
CVSS 8.1
CVE-2023-44128 MEDIUM
Android 4.0-12.0 - Arbitrary File Deletion via LGInstallService AIDL Interface Race Condition
CVSS 5.0
CVE-2023-3891 HIGH
Lapce <0.2.8 - Privilege Escalation
CVSS 7.3
CVE-2023-4155 MEDIUM
Linux Kernel - Denial of Service via KVM AMD SEV VMGEXIT Handler Race Condition
CVSS 5.3
CVE-2023-20135 MEDIUM
Cisco IOS XR 7.5.2-7.6 - Authenticated Remote Code Execution via ISO Image Verification Race Condition
CVSS 5.7
CVE-2023-38146 HIGH
Themebleed - Windows 11 Themes Arbitrary Code Execution CVE-2023-38146
CVSS 8.8
CVE-2023-38141 HIGH
Windows Kernel - Elevation of Privilege via Time-of-check Time-of-use Race Condition
CVSS 7.8
CVE-2023-27470 HIGH
N-able Take Control < 7.0.43 - Arbitrary File Deletion via TOCTOU Race Condition in BASupSrvcUpdater.exe
CVSS 7.0
CVE-2023-37250 HIGH
Unity Parsec < 9.0 - Privilege Escalation via TOCTOU Race Condition
CVSS 7.0
CVE-2023-28075 MEDIUM
Dell Alienware and Chengming Firmware - Authenticated Arbitrary Code Execution via DMA Transaction Timing
CVSS 6.9
CVE-2023-35378 HIGH
Windows Projected File System - Elevation of Privilege via TOCTOU Race Condition
CVSS 7.0
CVE-2023-28576 MEDIUM
Qualcomm FastConnect and Snapdragon Firmware - Time-of-check Time-of-use Race Condition
CVSS 6.4
CVE-2023-20788 MEDIUM
Android - Use-After-Free via Thermal Race Condition
CVSS 6.4
CVE-2023-20787 MEDIUM
Android - Use-After-Free via Thermal Race Condition
CVSS 6.4
CVE-2023-20785 MEDIUM
Android - Local Privilege Escalation via Audio Bounds Check Race Condition
CVSS 6.4