41 matches found
EUVD-2019-0372
Malware in sbrugna...
EUVD-2022-52598
Malicious code in bioql PyPI...
EUVD-2022-52597
Malicious code in bioql PyPI...
CVE-2022-30774
DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...
CVE-2022-30773
DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack. DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been...
Security Bulletin: Multiple vulnerabilities found in IBM EntireX.
Summary IBM EntireX has been updated in order to address multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-56812 DESCRIPTION: IBM EntireX could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in...
Security Bulletin: Vulnerability in PostgreSQL affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in PostgreSQL has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by PostgreSQL TOCTOU vulnerability
Summary IBM Sterling Connect:Direct Web Services uses PostgreSQL, PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a tme-of-check time-of-use TOCTOU race condition in pgdump. Vulnerability Details CVEID:CVE-2024-7348 DESCRIPTION: PostgreS...
CVE-2024-45120 Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use...
CVE-2024-5558
CWE-367: Time-of-check Time-of-use TOCTOU Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account...
CVE-2024-5558
CWE-367: Time-of-check Time-of-use TOCTOU Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account...
CVE-2024-5558
CVE-2024-5558 is a TOCTOU race condition vulnerability in Schneider Electric SpaceLogic AS-P (and AS-B) prior to or at version 5.0.3, enabling privilege escalation via abuse of a restricted admin account. The Red Hat/NVD entries describe CWE-367; CNNVD specifies SpaceLogic AS-P v5.0.3 and earlier...
Fortinet FortiClient pipe object (FG-IR-22-429)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-429 advisory. - Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a...
Race condition
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...
CVE-2022-43946
Fortinet FortiClientWindows prior to version 7.0.7 contains a combination of a critical resource permission assignment error (CWE-732) and a TOCTOU race condition (CWE-367). These flaws can allow an attacker on the same file sharing network to remotely execute commands by writing data into a Wind...
CVE-2022-43946
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...
CVE-2022-43946
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...
FortiClient (Windows) - Improper write access over FortiClient pipe object
Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in FortiClientWindows may allow an attacker on the same file sharing network to execute commands via writin...
CVE-2022-30774
DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...
Code injection
DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...