CWE-367— Time-of-check Time-of-use (TOCTOU) Race Condition
596 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-367page 1 of 12
- CVE-2003-0813NONECVSS 0.0EG 0.02003-11-17
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which ca…
- CVE-2004-0594NONECVSS 0.0EG 0.02004-07-27
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during e…
- CVE-2011-10035HIGHCVSS 7.0EG 7.02025-10-30
Nagios XI versions prior to 2011R1.9 contain privilege escalation vulnerabilities in the scripts that install or update system crontab entries. Due to time-of-check/time-of-use race conditions and missing synchronization or final-path v…
- CVE-2011-4126HIGHCVSS 8.1EG 8.12021-10-27
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.
- CVE-2012-5630MEDIUMCVSS 6.3EG 6.32019-11-25
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
- CVE-2013-3888HIGHCVSS 8.4EG 8.42013-10-09
dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fet…
- CVE-2013-4235MEDIUMCVSS 4.7EG 4.72019-12-03
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
- CVE-2015-7810MEDIUMCVSS 4.7EG 4.72019-11-22
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
- CVE-2017-15404HIGHCVSS 7.8EG 7.82019-01-09
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perf…
- CVE-2017-18869LOWCVSS 2.5EG 2.52020-06-15
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
- CVE-2018-0966LOWCVSS 3.3EG 3.32018-04-12
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- CVE-2018-1121LOWCVSS 3.9EG 5.92018-06-13
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the p…
- CVE-2018-16872MEDIUMCVSS 5.3EG 5.32018-12-13
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed …
- CVE-2018-6693MEDIUMCVSS 5.3EG 4.72018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequenc…
- CVE-2018-8449LOWCVSS 3.3EG 3.32018-09-13
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- CVE-2018-8584HIGHCVSS 7.8EG 7.82018-11-14
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Se…
- CVE-2019-0836HIGHCVSS 7.8EG 7.82019-04-09
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-079…
- CVE-2019-10486HIGHCVSS 7.0EG 7.02019-11-21
Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound access in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon …
- CVE-2019-10494HIGHCVSS 8.1EG 8.12019-12-12
Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IO…
- CVE-2019-1065HIGHCVSS 7.8EG 7.82019-06-12
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then in…
- CVE-2019-11482MEDIUMCVSS 4.2EG 4.72020-02-08
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
- CVE-2019-11774HIGHCVSS 7.4EG 7.42019-09-12
Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a fiel…
- CVE-2019-11775HIGHCVSS 7.4EG 7.42019-07-30
All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a f…
- CVE-2019-1380HIGHCVSS 7.8EG 7.82019-11-12
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.
- CVE-2019-14119HIGHCVSS 7.0EG 7.02020-09-08
u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,…
- CVE-2019-15126LOWCVSS 3.1EG 3.12020-02-05
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent…
- CVE-2019-15316HIGHCVSS 7.0EG 7.02019-08-21
Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition.
- CVE-2019-15608MEDIUMCVSS 5.9EG 5.92020-03-15
The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack.
- CVE-2019-17102HIGHCVSS 8.3EG 8.32020-01-27
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable rac…
- CVE-2019-18644MEDIUMCVSS 5.9EG 5.92019-10-31
The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted.
- CVE-2019-19793HIGHCVSS 8.8EG 8.82019-12-13
In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges.
- CVE-2019-20000MEDIUMCVSS 5.9EG 5.92019-12-26
The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted.
- CVE-2019-20610HIGHCVSS 8.1EG 8.12020-03-24
An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID …
- CVE-2019-5421CRITICALCVSS 9.8EG 9.82019-04-03
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/mod…
- CVE-2019-5519MEDIUMCVSS 6.8EG 6.82019-04-01
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-u…
- CVE-2019-7249CRITICALCVSS 9.8EG 9.82019-01-31
In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs.
- CVE-2019-7307HIGHCVSS 7.0EG 7.02019-08-29
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker …
- CVE-2019-7347HIGHCVSS 7.5EG 7.52019-02-04
A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify rec…
- CVE-2019-9486HIGHCVSS 8.8EG 8.82019-04-30
STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect …
- CVE-2020-0003MEDIUMCVSS 6.7EG 6.72020-01-08
In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interac…
- CVE-2020-0204HIGHCVSS 7.0EG 7.02020-06-11
In InstallPackage of package.cpp, there is a possible bypass of a signature check due to a Time of Check/Time of Use condition. This could lead to local escalation of privilege by allowing a bypass of the initial zip file signature check f…
- CVE-2020-0238HIGHCVSS 7.0EG 7.02020-08-11
In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional executio…
- CVE-2020-0358MEDIUMCVSS 6.4EG 6.42020-09-17
In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio…
- CVE-2020-11220MEDIUMCVSS 6.4EG 6.42021-03-17
While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectiv…
- CVE-2020-11230MEDIUMCVSS 6.4EG 6.42021-03-17
Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial…
- CVE-2020-11233HIGHCVSS 7.0EG 7.02021-06-09
Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial …
- CVE-2020-11298HIGHCVSS 7.8EG 7.82021-06-09
While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by HLOS Invoke Call to secure kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, S…
- CVE-2020-12926MEDIUMCVSS 6.4EG 6.42020-11-12
The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD bel…
- CVE-2020-13162HIGHCVSS 7.0EG 7.02020-06-16
A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer execu…
- CVE-2020-1337HIGHCVSS 7.8EG 7.82020-08-17
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated …
Map vulnerabilities like CWE-367 to your infrastructure
EchelonGraph correlates every CVE — across CWE-367 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →