41 matches found
EUVD-2019-0372
Malware in sbrugna...
EUVD-2022-52597
Malicious code in bioql PyPI...
EUVD-2022-52598
Malicious code in bioql PyPI...
CVE-2022-30774
DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...
CVE-2022-30773
DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been...
Security Bulletin: Multiple vulnerabilities found in IBM EntireX.
Summary IBM EntireX has been updated in order to address multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-56812 DESCRIPTION: IBM EntireX could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in...
Security Bulletin: Vulnerability in PostgreSQL affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary: A potential vulnerability in PostgreSQL has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by PostgreSQL TOCTOU vulnerability
Summary: IBM Sterling Connect:Direct Web Services uses PostgreSQL. PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a time-of-check time-of-use (TOCTOU) race condition in pgdump. Vulnerability Details CVEID:CVE-2024-7348 DESCRIPTION: PostgreS...
CVE-2024-45120 Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use...
CVE-2024-5558
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account...
CVE-2024-5558
CVE-2024-5558 is a TOCTOU race condition vulnerability in Schneider Electric SpaceLogic AS-P (and AS-B) prior to or at version 5.0.3, enabling privilege escalation via abuse of a restricted admin account. The Red Hat/NVD entries describe CWE-367; CNNVD specifies SpaceLogic AS-P v5.0.3 and earlier...
CVE-2024-5558
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account...
Fortinet FortiClient pipe object (FG-IR-22-429)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-429 advisory. - Multiple vulnerabilities including an incorrect permission assignment for critical resource (CWE-732) vulnerability and a...
Race condition
Multiple vulnerabilities including an incorrect permission assignment for critical resource (CWE-732) vulnerability and a time-of-check time-of-use (TOCTOU) race condition (CWE-367) vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...
CVE-2022-43946
Multiple vulnerabilities including an incorrect permission assignment for critical resource (CWE-732) vulnerability and a time-of-check time-of-use (TOCTOU) race condition (CWE-367) vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...
CVE-2022-43946
Fortinet FortiClientWindows prior to version 7.0.7 contains a combination of a critical resource permission assignment error (CWE-732) and a TOCTOU race condition (CWE-367). These flaws can allow an attacker on the same file sharing network to remotely execute commands by writing data into a Wind...
CVE-2022-43946
Multiple vulnerabilities including an incorrect permission assignment for critical resource (CWE-732) vulnerability and a time-of-check time-of-use (TOCTOU) race condition (CWE-367) vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...
FortiClient (Windows) - Improper write access over FortiClient pipe object
Multiple vulnerabilities including an incorrect permission assignment for critical resource (CWE-732) vulnerability and a time-of-check time-of-use (TOCTOU) race condition (CWE-367) vulnerability in FortiClientWindows may allow an attacker on the same file sharing network to execute commands via writin...
CVE-2022-30774
DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...
Design/Logic Flaw
DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption...