CWE-367

Medium likelihood

Time-of-check Time-of-use (TOCTOU) Race Condition

Parent: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

649 vulnerabilities with CWE-367
CVE-2020-0358 MEDIUM
Android 11 - Use-After-Free via SurfaceFlinger Race Condition
CVSS 6.4
CVE-2020-8342 HIGH
Lenovo System Update <5.07.0106 - Privilege Escalation
CVSS 7.3
CVE-2020-25212 HIGH
Linux Kernel < 5.8.3 - Time-of-check Time-of-use Race Condition in NFS Client
CVSS 7.0
CVE-2020-3619 HIGH
Qualcomm Snapdragon - Time-of-check Time-of-use Race Condition
CVSS 7.0
CVE-2020-1337 HIGH
Windows Print Spooler - Privilege Escalation via Arbitrary File Write
CVSS 7.8
CVE-2020-0238 HIGH
Android 8.0-10 - Local Privilege Escalation via AccountTypePreferenceLoader Race Condition
CVSS 7.0
CVE-2020-15702 HIGH
apport - Time-of-check Time-of-use Race Condition via PID Recycling
CVSS 7.0
CVE-2020-7460 HIGH
FreeBSD Race Condition in sendmsg System Call
CVSS 7.0
CVE-2020-14677 HIGH
Oracle VM VirtualBox < 5.2.44, < 6.0.24, < 6.1.12 - Authenticated Time-of-check Time-of-use Race Condition
CVSS 7.5
CVE-2020-14675 HIGH
Oracle VM VirtualBox < 5.2.44, < 6.0.24, < 6.1.12 - Authenticated Time-of-check Time-of-use Race Condition
CVSS 7.5
CVE-2020-14674 HIGH
Oracle VM VirtualBox < 5.2.44, < 6.0.24, < 6.1.12 - Authenticated Time-of-check Time-of-use Race Condition
CVSS 7.5
CVE-2020-13882 MEDIUM
CISOfy Lynis < 3.0.0 - Time-of-check Time-of-use Race Condition in Log and Report File Permission Check
CVSS 4.2
CVE-2020-13162 HIGH
Pulse Secure Client <9.1.6-5.3 R70 - Privilege Escalation
CVSS 7.0
CVE-2020-0204 HIGH
Android 10 - Local Privilege Escalation via Time-of-Check Time-of-Use Race Condition in InstallPackage
CVSS 7.0
CVE-2020-2032 HIGH
Palo Alto Networks GlobalProtect < 5.0.10 - Privilege Escalation via Race Condition During Upgrade
CVSS 7.0
CVE-2020-3680 HIGH
Snapdragon Auto/Compute/C/IOT/M/Wearables - Race Condition
CVSS 7.0
CVE-2020-3957 HIGH
VMware Fusion 11.0.0-11.5.4 - Local Privilege Escalation via Service Opener TOCTOU
CVSS 7.0
CVE-2020-8833 MEDIUM
Apport <2.20.1-0ubuntu2.23 - Privilege Escalation
CVSS 5.6
CVE-2020-8867 HIGH
OPC Foundation UA .NET Standard 1.04.358.30 - DoS
CVSS 7.5
CVE-2020-1630 MEDIUM
Juniper Junos OS - Authenticated Privilege Escalation via TOCTOU Race Condition
CVSS 5.0
CVE-2020-8017 MEDIUM
texlive-filesystem <2017.135-9 - Local Privilege Escalation
CVSS 6.2
CVE-2020-8016 MEDIUM
texlive-filesystem < 2017.135-9.5.1 - Time-of-check Time-of-use Race Condition
CVSS 4.9
CVE-2020-3808 MEDIUM
Creative Cloud Desktop App <5.0 - Code Injection
CVSS 5.9
CVE-2020-8873 MEDIUM
Parallels Desktop 15.1.2-47123 - Privilege Escalation
CVSS 6.7
CVE-2020-8793 MEDIUM
OpenSMTPD < 6.6.4 - Local Arbitrary File Read via Race Condition in makemap.c and smtpd.c
CVSS 4.7
Details
Vulnerabilities 649
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits