CVE-2023-35311
8.8HIGH
Microsoft Outlook Security Feature Bypass Vulnerability
Microsoft Outlook Security Feature Bypass Vulnerability
7/11/2023CWE-367, CWE-367 +1
Tipo de Debilidad
CWE-367
Todas las vulnerabilidades CVE clasificadas bajo este tipo de debilidad.
Ver en MITRE CWETotal CVEs
50
Críticos
2
En KEV
0
Con Exploits
0
CVE-2023-3891
7.3HIGH
Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system
Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system
9/15/2023CWE-367, CWE-367
CVE-2024-5558
6.4MEDIUM
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account.
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account.
6/12/2024CWE-367
CVE-2022-43946
7.5HIGH
Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in F
Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in F...
4/11/2023CWE-732, CWE-367 +1
CVE-2024-35265
7.0HIGH
Windows Perception Service Elevation of Privilege Vulnerability
Windows Perception Service Elevation of Privilege Vulnerability
6/11/2024CWE-367, CWE-367
CVE-2022-33986
6.4MEDIUM
DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the
DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the ...
11/15/2022CWE-367, CWE-367
CVE-2023-25394
7.0HIGH
Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours.
Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours.
5/17/2023CWE-367, CWE-367
CVE-2022-33691
6.2MEDIUM
A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.
A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.
7/12/2022CWE-367, CWE-367
CVE-2022-39908
6.9MEDIUM
TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
12/8/2022CWE-367, CWE-367
CVE-2019-5421
9.8CRITICAL
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts...
4/3/2019CWE-367, CWE-307
CVE-2024-30099
7.0HIGH
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
6/11/2024CWE-367, CWE-367
CVE-2024-24692
5.3MEDIUM
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
3/13/2024CWE-367, CWE-367
CVE-2022-25716
6.7MEDIUM
Memory corruption in Multimedia Framework due to unsafe access to the data members
Memory corruption in Multimedia Framework due to unsafe access to the data members
1/9/2023CWE-367, CWE-367
CVE-2024-30088
7.0HIGH
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
6/11/2024CWE-367, CWE-367
CVE-2022-30773
6.4MEDIUM
DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parame
DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parame...
11/14/2022CWE-367, CWE-367
CVE-2025-47344
6.7MEDIUM
Memory corruption while handling sensor utility operations.
Memory corruption while handling sensor utility operations.
1/7/2026CWE-367
CVE-2024-1563
8.1HIGH
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerabili
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerabili...
2/22/2024CWE-367, CWE-367
CVE-2023-0006
6.3MEDIUM
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condi
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condi...
4/12/2023CWE-367, CWE-367
CVE-2022-34830
7.5HIGH
An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.
An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.
11/23/2022CWE-367, CWE-367
CVE-2022-0915
6.0MEDIUM
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission t
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission t...
4/12/2022CWE-367, CWE-367
CVE-2025-24036
7.0HIGH
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
2/11/2025CWE-367
CVE-2023-33156
6.3MEDIUM
Microsoft Defender Elevation of Privilege Vulnerability
Microsoft Defender Elevation of Privilege Vulnerability
7/11/2023CWE-367
CVE-2023-23389
6.3MEDIUM
Microsoft Defender Elevation of Privilege Vulnerability
Microsoft Defender Elevation of Privilege Vulnerability
3/14/2023CWE-367
CVE-2024-29062
7.1HIGH
Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
4/9/2024CWE-367, CWE-367
CVE-2021-3969
7.8HIGH
A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker
A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker ...
5/18/2022CWE-367, CWE-367
CVE-2025-47332
6.7MEDIUM
Memory corruption while processing a config call from userspace.
Memory corruption while processing a config call from userspace.
1/7/2026CWE-367
CVE-2023-37867
3.7LOW
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plugi
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plugi...
11/30/2023CWE-367, CWE-367
CVE-2023-1586
6.5MEDIUM
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast an
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast an...
4/19/2023CWE-367, CWE-367
CVE-2022-32608
6.4MEDIUM
In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploi
In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploi...
11/8/2022CWE-367, CWE-367
CVE-2022-24413
4.4MEDIUM
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to d
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to d...
4/12/2022CWE-367, CWE-367
CVE-2023-38146
8.8HIGH
Windows Themes Remote Code Execution Vulnerability
Windows Themes Remote Code Execution Vulnerability
9/12/2023CWE-367
CVE-2024-30084
7.0HIGH
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
6/11/2024CWE-367, CWE-367
CVE-2023-38041
7.0HIGH
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to g
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to g...
10/25/2023CWE-367, CWE-367
CVE-2023-1585
6.5MEDIUM
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed...
4/19/2023CWE-367, CWE-367
CVE-2022-30774
6.4MEDIUM
DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter
DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter...
11/15/2022CWE-367, CWE-367
CVE-2022-33982
6.4MEDIUM
DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buff
DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buff...
11/14/2022CWE-367, CWE-367
CVE-2025-27812
8.1HIGH
MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation.
MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation.
4/10/2025CWE-367
CVE-2023-29337
7.1HIGH
NuGet Client Remote Code Execution Vulnerability
NuGet Client Remote Code Execution Vulnerability
6/14/2023CWE-367
CVE-2024-6787
5.3MEDIUM
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbit
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbit...
9/21/2024CWE-367, CWE-367
CVE-2023-6803
5.8MEDIUM
A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server si
A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server si...
12/21/2023CWE-367, CWE-367
CVE-2023-5760
8.2HIGH
A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing
A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing...
11/8/2023CWE-367, CWE-367
CVE-2023-0778
6.8MEDIUM
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access...
3/27/2023CWE-367, CWE-367
CVE-2023-23520
5.9MEDIUM
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as ro
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as ro...
2/27/2023CWE-367, CWE-367
CVE-2022-26387
7.5HIGH
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would...
12/22/2022CWE-367, CWE-367
CVE-2022-34325
7.8HIGH
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are target
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are target...
11/14/2022CWE-367, CWE-367
CVE-2022-29800
4.7MEDIUM
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being...
9/21/2022CWE-367, CWE-367
CVE-2020-27252
8.8HIGH
Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient R
Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient R...
12/14/2020CWE-367, CWE-367
CVE-2015-1865
5.1MEDIUM
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
9/20/2017CWE-362, CWE-367
CVE-2024-0133
4.1MEDIUM
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This do
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This do...
9/26/2024CWE-367, CWE-367
CVE-2024-27114
9.8CRITICAL
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be avail
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be avail...
9/11/2024CWE-367, CWE-367
Mostrando 50 de many CVEs