7 matches found
EUVD-2016-1614
Malware in sbrugna...
EUVD-2022-35548
Malicious code in bioql PyPI...
PT-2023-13063 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions 5.0 through 5.5 Description: An issue was discovered in Insyde InsydeH2O that could cause TOCTOU race-condition issues due to DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code, potential...
CVE-2022-32476
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...
Windows File System Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in the Windows kernel that could allow an attacker to exploit time of check time of use TOCTOU issues in file path-based checks from a low-integrity application. An attacker who successfully exploited this vulnerability could potentially modify files...
Fedora Core 4 : unzip-5.51-13.fc4 (2006-098)
Mon Feb 6 2006 Ivana Varekova 5.51-13.fc4 - fix bug 178961 - CVE-2005-4667 - unzip long file name buffer overflow - Wed Aug 3 2005 Ivana Varekova 5.51-12.fc4 - fix bug 164928 - TOCTOU issue in unzip - Mon May 9 2005 Ivana Varekova 5.51-11 - fix bug 156959 invalid file mode on created files Note...
TOCTOU with NT System Service Hooking
TOCTOU Time-Of-Check-to-Time-Of-Use problem is known for a while 1. Nevertheless such bugs are still not uncommon. That is more or less acceptable for general software but not for security products. I believe there are drivers that hook kernel system services by well known technique 2,3,4. Those...