CWE-367

Medium likelihood

Time-of-check Time-of-use (TOCTOU) Race Condition

Parent: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

649 vulnerabilities with CWE-367
CVE-2022-25165 HIGH
Amazon AWS VPN Client 2.0.0 - TOCTOU Race Condition via Configuration File Injection
CVSS 7.0
CVE-2022-0915 MEDIUM
Logitech Sync < 2.4.574 - Time-of-check Time-of-use Race Condition
CVSS 6.0
CVE-2022-24413 MEDIUM
Dell PowerScale OneFS <9.3 - TOCTOU
CVSS 4.4
CVE-2022-27834 LOW
Android DSP Driver - Use-After-Free in dsp_context_unload_graph
CVSS 2.9
CVE-2022-0280 HIGH
McAfee Total Protection for Windows <16.0.43 - Privilege Escalation
CVSS 7.5
CVE-2022-24335 HIGH
JetBrains TeamCity <2021.2 - TOCTOU
CVSS 8.1
CVE-2022-23653 MEDIUM
B2 Command Line Tool < 3.2.0 - Local Key Disclosure via TOCTOU Race Condition
CVSS 4.7
CVE-2022-23651 MEDIUM
b2-sdk-python < 1.14.1 - Local Key Disclosure via TOCTOU Race Condition
CVSS 4.7
CVE-2022-23563 HIGH
TensorFlow < 2.5.2 - Time-of-check Time-of-use Race Condition via tempfile.mktemp
CVSS 7.1
CVE-2022-23181 HIGH
Apache Tomcat 8.5.55-8.5.73, 9.0.35-9.0.56, 10.0.0-M5-10.0.14, 10.1.0-M1-10.1.0-M8 - TOCTOU Race Condition in FileStore
CVSS 7.0
CVE-2022-23029 MEDIUM
F5 BIG-IP 11.6.1-11.6.5 - Time-of-check Time-of-use Race Condition
CVSS 5.3
CVE-2022-21658 HIGH
Rust 1.0.0-1.58.0 - Time-of-check Time-of-use Race Condition in std::fs::remove_dir_all
CVSS 7.3
CVE-2022-20013 MEDIUM
Android - Local Privilege Escalation via Race Condition in vow Driver
CVSS 6.4
CVE-2021-3899 HIGH
apport < 2.21.0 - Time-of-check Time-of-use Race Condition
CVSS 7.8
CVE-2021-47280 HIGH
Linux Kernel < 4.14.237 - Use-After-Free in drm_getunique()
CVSS 7.0
CVE-2021-33632 HIGH
openEuler iSulad 2.0.18-13 and 2.1.4-1-2.1.4-2 - Time-of-check Time-of-use Race Condition
CVSS 7.0
CVE-2021-46792 MEDIUM
AMD Ryzen Firmware - Denial of Service via BIOS2PSP Command TOCTOU Race Condition
CVSS 5.9
CVE-2021-26356 HIGH
AMD EPYC 7001 Series Firmware - Time-of-check Time-of-use Race Condition in ASP Bootloader
CVSS 7.4
CVE-2021-46795 MEDIUM
AMD comboam4v2_pi_firmware < 1.2.0.5 - Denial of Service via TOCTOU Race Condition
CVSS 4.7
CVE-2021-46853 MEDIUM
Alpine < 2.25 - Denial of Service via LIST or LSUB Before STARTTLS
CVSS 5.9
CVE-2021-35937 MEDIUM
rpm < 4.18.0 - Unauthenticated Time-of-check Time-of-use Race Condition
CVSS 6.4
CVE-2021-34986 HIGH
Parallels Desktop 16.5.0 - Privilege Escalation via Symbolic Link Race Condition
CVSS 7.8
CVE-2021-35111 HIGH
Snapdragon Connectivity - Info Disclosure
CVSS 7.5
CVE-2021-35090 CRITICAL
Snapdragon Auto - Memory Corruption
CVSS 9.3
CVE-2021-35082 CRITICAL
Snapdragon Industrial IOT - Info Disclosure
CVSS 9.1
Details
Vulnerabilities 649
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits