Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-27014

Summary
Assigner-trendmicro
Assigner Org ID-7f7bd7df-cffe-4fdb-ab6d-859363b89272
Published At-29 Oct, 2020 | 23:45
Updated At-04 Aug, 2024 | 16:03
Rejected At-
Credits

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:trendmicro
Assigner Org ID:7f7bd7df-cffe-4fdb-ab6d-859363b89272
Published At:29 Oct, 2020 | 23:45
Updated At:04 Aug, 2024 | 16:03
Rejected At:
▼CVE Numbering Authority (CNA)

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

Affected Products
Vendor
Trend Micro IncorporatedTrend Micro
Product
Trend Micro Antivirus for Mac (Consumer)
Versions
Affected
  • 2020 (v10.x) and below
Problem Types
TypeCWE IDDescription
textN/ARace Condition
Type: text
CWE ID: N/A
Description: Race Condition
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://helpcenter.trendmicro.com/en-us/article/TMKA-09974
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-1285/
x_refsource_MISC
Hyperlink: https://helpcenter.trendmicro.com/en-us/article/TMKA-09974
Resource:
x_refsource_MISC
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-20-1285/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://helpcenter.trendmicro.com/en-us/article/TMKA-09974
x_refsource_MISC
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-20-1285/
x_refsource_MISC
x_transferred
Hyperlink: https://helpcenter.trendmicro.com/en-us/article/TMKA-09974
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-20-1285/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@trendmicro.com
Published At:30 Oct, 2020 | 00:15
Updated At:05 Nov, 2020 | 16:22

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.4MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.06.9MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.9
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Trend Micro Incorporated
trendmicro
>>antivirus>>2020
cpe:2.3:a:trendmicro:antivirus:2020:*:*:*:*:macos:*:*
Weaknesses
CWE IDTypeSource
CWE-367Primarynvd@nist.gov
CWE ID: CWE-367
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://helpcenter.trendmicro.com/en-us/article/TMKA-09974security@trendmicro.com
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1285/security@trendmicro.com
Third Party Advisory
VDB Entry
Hyperlink: https://helpcenter.trendmicro.com/en-us/article/TMKA-09974
Source: security@trendmicro.com
Resource:
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-20-1285/
Source: security@trendmicro.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

69Records found
CVE-2022-25165
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-1.64% / 81.17%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 15:19
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments can be injected by a low-level user such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the files content. This can be abused to cause an elevation of privilege or denial of service.

Action-Not Available
Vendor-amazonn/a
Product-aws_client_vpnn/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-1921
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.81%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 06:15
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830wcd9380_firmwarewcn3990sd780gsd865_5gqca6595qca6431_firmwaresdx24sdx55m_firmwarewcn6856_firmwarewcd9360_firmwarewsa8835wcn3950_firmwarewcd9380sd888_5gqca6420_firmwareqca6390_firmwarewcd9370sd675_firmwarewcn6855_firmwareqca6426sdx24_firmwarewcn3990_firmwareqrb5165n_firmwaresm7325qca6430_firmwarewcn3980wcn6750wcn3998sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950whs9410wcd9340_firmwaresd855wsa8815wcn6850qsm8350_firmwareqsm8350sd_8c_firmwareqca6426_firmwarewcn7850qca6574au_firmwaresdx55_firmwarewcd9375_firmwarewcn3998_firmwarewcn3980_firmwareqca6391sdx55mwcd9360qca6420qca6436_firmwareqrb5165nqca6421_firmwareaqt1000_firmwarewcn6740_firmwaresd778gsa6155p_firmwarewhs9410_firmwarewcn7851qcs6490qrb5165_firmwaresdxr2_5gqcm6490_firmwareqrb5165wcn6851_firmwareqca6430qca6574auqca6421sd778g_firmwarewcd9340sa8195psdm830_firmwarewsa8810_firmwarewcd9341_firmwarewsa8810sd870qca6436wcn6851wcn6855sa6155pwcn7851_firmwarewcn6856sd_8cwcd9385wcd9341qca6431qcs6490_firmwareqca6595_firmwaresd870_firmwarewcn6740qca6391_firmwareqca6390wcd9375sd_8cxaqt1000sd780g_firmwarewcd9370_firmwaresdx55sd675wsa8830_firmwaresd855_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresdm830wcn6750_firmwaresm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-2032
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-7||HIGH
EPSS-0.10% / 28.02%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 17:29
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade

A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-globalprotectGlobalProtect App
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-8332
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 8.30%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 21:25
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.

Action-Not Available
Vendor-IBM CorporationLenovo Group Limited
Product-system_x3530_m4_firmwarebladecenter_hs23e_firmwarebladecenter_hs23esystem_x3630_m4_firmwaresystem_x3630_m4flex_system_x220nextscale_nx360_m4_firmwaresystem_x3650_m4_firmwarenextscale_nx360_m4idataplex_dx360_m4_firmwaresystem_x3650_m4_hd_firmwarebladecenter_hs23system_x3300_m4system_x3650_m4_hdflex_system_x440_firmwaresystem_x3750_m4_firmwaresystem_x3550_m4system_x3650_m4_bd_firmwarecompute_node-x440_firmwareidataplex_dx360_m4flex_system_x220_firmwaresystem_x3650_m4_bdbladecenter_hs23_firmwaresystem_x3750_m4system_x3550_m4_firmwaresystem_x3500_m4_firmwaresystem_x3300_m4_firmwaresystem_x3500_m4system_x3530_m4idataplex_dx360_m4_water_cooledflex_system_x240_firmwareflex_system_x240system_x3650_m4compute_node-x440idataplex_dx360_m4_water_cooled_firmwareflex_system_x440System x
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-20788
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.60%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 03:21
Updated-21 Oct, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648735.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt8167smt6771mt6833mt6877mt6781mt8365mt8167mt6765mt6853mt6883mt8168mt6739androidmt6761mt8321mt6768mt8362amt6779mt6785MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT8167, MT8167S, MT8168, MT8321, MT8362A, MT8365mt6873mt8167smt6771mt6833mt6877mt6781mt8365mt8167mt6765mt6853mt6883mt8168mt6739mt6761mt8321mt6768mt8362amt6779mt6785
CWE ID-CWE-416
Use After Free
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-1537
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.19%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 00:00
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in gruntjs/grunt

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.

Action-Not Available
Vendor-gruntjsgruntjs
Product-gruntgruntjs/grunt
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-20013
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 1.17%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 15:56
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05837742.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6893mt6833mt6885mt6877mt6781mt6891mt6853mt6883mt6853tmt8789androidmt8797mt6889mt8185mt8791mt6785MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-20787
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.60%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 03:21
Updated-23 Oct, 2024 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648734.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt8167smt6771mt6833mt6877mt6781mt8365mt8167mt6765mt6853mt6883mt8168mt6739androidmt6761mt8321mt6768mt8362amt6779mt6785MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT8167, MT8167S, MT8168, MT8321, MT8362A, MT8365mt6873mt8167smt6771mt6833mt6877mt6781mt8365mt8167mt6765mt6853mt6883mt8168mt6739mt6761mt8321mt6768mt8362amt6779mt6785
CWE ID-CWE-416
Use After Free
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-0915
Matching Score-4
Assigner-Logitech
ShareView Details
Matching Score-4
Assigner-Logitech
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.89%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 18:35
Updated-16 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Logitech Sync desktop application prior to 2.4.574 - TOCTOU during installation leads to privelege escalation

There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user.

Action-Not Available
Vendor-logitechLogitech
Product-syncSync
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-11298
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 06:20
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by HLOS Invoke Call to secure kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarewcn3991_firmwarewsa8830sd678sm6250p_firmwareqcs610qcs2290_firmwareqca8337qca6431_firmwaresd7c_firmwaremdm9628_firmwarewcd9360_firmwarecsra6620qcs4290wcn3950_firmwaresc8180x\+sdx55sd765g_firmwareqca6420_firmwareqca6595au_firmwareqcs2290qca6390_firmwaresd690_5gsd730_firmwarewcd9370csra6620_firmwareqcs605_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqcs6125_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqca9984_firmwareqca9377sa415mwcn3998sd_8cx_firmwarewcd9371_firmwaresdxr2_5g_firmwarewcd9385_firmwaresm4125mdm9628sd720gmdm9206_firmwarewcd9326_firmwarewcn3950whs9410sd662sd710_firmwaresd460_firmwaresa8155qca6574au_firmwaresdx55_firmwareqca6595auwcd9375_firmwarewcn3998_firmwarewcn3999_firmwaresm7250p_firmwareqca6420qca6436_firmwarewcd9360qca6564au_firmwareqca6584ausa6155p_firmwareqca9367_firmwarewcd9306whs9410_firmwarewcn3999sa515m_firmwaresdxr2_5gqca9367qcs6125sa8155_firmwareqca4004_firmwaresd662_firmwaresa415m_firmwareqcs405qca6430wcn3988_firmwareqca6421sd712_firmwaresm6250wcd9306_firmwaresa8195psdm830_firmwarewcd9340wsa8810_firmwaresd765gsd765_firmwareqca6436wcd9326wcd9335sa6155pwcn6851qcs603_firmwareqcs4290_firmwarewcd9385wcd9341qca6431qca6696_firmwarewcd9371sd750gsd870_firmwarear8035qca6390sd_8cxaqt1000sd750g_firmwarewcd9375sc8180x\+sdx55_firmwaresm6250_firmwarewcn3910_firmwareqca4004wsa8830_firmwaresd855_firmwaresd865_5g_firmwaresd712sd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqca6564awcn6750_firmwareqcm6125_firmwareqcm2290_firmwarewcn3991qca8337_firmwarewcd9380_firmwarewcn3990sd_675wcd9330sd865_5gqca6595qca6564ausdx24sdx55m_firmwaresd670_firmwarewsa8835sd665_firmwarewcd9380sd888_5gsm6250pqcs410qca6574asd690_5g_firmwaresdx50m_firmwaremdm9206sdx24_firmwareqca6430_firmwarewcd9335_firmwarewcn3980wcn6750mdm9205sa515mqcs605wcd9340_firmwaresd855sm4125_firmwarewcn6850sd665sd7cwcn3910wsa8815sd_8c_firmwaresd765qca6426_firmwareqca6574a_firmwareqca9984sd768g_firmwarewcn3980_firmwaresd460qca6391sd730sdx55msdxr1_firmwarewcd9330_firmwareqca6421_firmwareaqt1000_firmwaresd678_firmwarear8031_firmwareqcm4290sdx50msd480_firmwareqcs603wcn6851_firmwareqca6574ausa8155p_firmwaresd710sd670qca6564a_firmwarewcd9341_firmwareqcm6125qcm4290_firmwaresd480sd870wsa8810qcs610_firmwareqsm8250sd_8csdxr1sd768gar8031qca6595_firmwareqcs405_firmwareqca6696mdm9205_firmwareqca6391_firmwarewcd9370_firmwaresdx55sa8155pcsra6640sd675sm7250psdm830sd720g_firmwareqcs410_firmwarear8035_firmwareqcm2290qsm8250_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-11230
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 11.92%
||
7 Day CHG~0.00%
Published-17 Mar, 2021 | 06:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580fsm10055qpm5679_firmwaresa6150p_firmwareqdm5579qdm2307qca6431_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwareqat5522_firmwarepm855a_firmwarepm8150aqtc800hqdm5670sa8150p_firmwaresdr8250_firmwareqpa5581_firmwarepm7150lqpa8821smr546_firmwareqdm5671qpm4650_firmwareqat3518qpa5580_firmwarewcn3998smr526_firmwareqdm2305_firmwareqpm5670_firmwareqdm5652qca6574au_firmwareqpm8870wcn3998_firmwareqpm5679qbt2000pm855pqca6420wcd9360qpm6670_firmwarepmx50_firmwarewhs9410_firmwaresdr735gpm8150bqdm3301_firmwareqsm7250qca6430pmr735asd765gqdm2308_firmwareqca6436wcn6851sa6155pqpa6560qfs2630_firmwaresdr865qdm5620_firmwarewcd9341sm7350_firmwaresmr545qdm4643_firmwareqca6696_firmwareqca6431qln5020sd870_firmwareqdm3302sd_8cxsa8150pqdm5621qpm5875_firmwareqat3514_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwareqdm5650sdr052sa8195p_firmwaresmb1390qat5516_firmwarepm855l_firmwareqpa8686_firmwareqpm6585wcn3991wcd9380_firmwaresmb1355qln4650qpa8801sdr735g_firmwarepm8350bhs_firmwareqat5568qet5100qdm5671_firmwareqpa8801_firmwarepm8150l_firmwareqat5533_firmwaresdx55m_firmwareqtm527_firmwarewcn6856_firmwareqpa8673_firmwareqet4101_firmwarepm7250bqln4642_firmwareqfs2630qpa8842sdr052_firmwarewcd9380smb1355_firmwarepm7250b_firmwarepmk8350_firmwarepm855p_firmwaresdx50m_firmwaresdr735pm7250smb1395qpa8803smr526qca6430_firmwareqtc801s_firmwarepm7350c_firmwareqdm2301wsa8815wcn6850qdm5621_firmwareqdm2301_firmwaresmb1394qca6426_firmwarepm8350_firmwarepm8009sdr051_firmwaresdx55mqca6421_firmwarewcn6740_firmwarepm8008pm8350b_firmwareqtm525_firmwareqat3518_firmwareqpm5621_firmwarepm855lwcn6851_firmwareqdm5670_firmwareqpa6560_firmwareqpa8802_firmwarepm7150a_firmwarepm8150b_firmwareqpm5621qpm6582smr545_firmwarepm8009_firmwareqdm2310_firmwareqfs2580_firmwaresd870pm8150lqdm5677sa6145ppm855_firmwarepmm6155aupm855b_firmwareqpm6582_firmwareqca6391_firmwareqln4650_firmwareqat3516_firmwareqpm5875sdx55qet5100msa8155ppm8350bhsqet4101qat3555_firmwareqat3516qpa8803_firmwareqpm5658pm855bqpm5658_firmwareqpm5870wcn3991_firmwareqdm5652_firmwarewsa8830pmm8155au_firmwaresdr051qet6110_firmwareqdm5579_firmwareqln5030qpa5581qpa2625_firmwarepm8350bh_firmwarepmr735b_firmwarefsm10055_firmwareqet5100_firmwareqpm5870_firmwareqpm4621qet6100_firmwareqet6100sd765g_firmwareqpa8686qca6420_firmwaresmb1394_firmwareqca6390_firmwaresmb1396pm7150apm8350qpa5461_firmwarepm8350c_firmwarepmr525_firmwareqca6426wcn3990_firmwareqpm5641sd_8cx_firmwarewcd9385_firmwareqdm5650_firmwaresdxr2_5g_firmwarewhs9410qat5516pm7250_firmwareqdm5620qpa8821_firmwarepm8350bhpmk8002_firmwarepm3003aqdm4650_firmwaresdx55_firmwarepmm6155au_firmwareqat5533sm7250p_firmwareqca6436_firmwaresm7350qsm7250_firmwareqpm6670pm7150l_firmwareqdm2305sa6155p_firmwareqpm8820qpm4641qat5515_firmwareqln5020_firmwarepm855sdxr2_5gpm8250smb1398qdm4643qfs2530_firmwarepmx55qpm4641_firmwaresa6145p_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwarewsa8810_firmwareqpm5677qat5515sd765_firmwareqat3514qdm5677_firmwarepm8004_firmwaresdr8150_firmwarewcd9385qtc800h_firmwarepmk7350_firmwarepmm8155auqln5040_firmwareqpm4630qca6390aqt1000qpa8673qdm2310pmm8195auqln5030_firmwareqln4642qpm5677_firmwarewsa8815_firmwaresd888_5g_firmwaresmr525_firmwaresmb1396_firmwarepmk7350wcn6850_firmwareqpm8820_firmwarewsa8835_firmwareqpm6621_firmwaresmr546qet6110qln5040qpm8895qpm5670wcn3990pmx55_firmwareqtm527sd865_5gpmk8350smb1398_firmwareqdm3302_firmwarepm8350bqat5522qdm2307_firmwarewsa8835pm8150cpmr735bsd888_5gpm855aqpm4640_firmwaresmb1390_firmwareqdm5679_firmwarepm8350csmr525qpm4640pmr525pm7350cpm8150a_firmwareqet5100m_firmwareqpm4650qtm525sd855sd765qpm4630_firmwaresd768g_firmwaresdr865_firmwareqat3555pm8250_firmwareqca6391qpa5461aqt1000_firmwareqpm8895_firmwaresdx50msdr8150qfs2608qtc801ssmb1395_firmwareqdm4650qca6574auqpm5641_firmwaresa8155p_firmwarepm8008_firmwarewcd9341_firmwareqpm6621wsa8810pmr735a_firmwareqat5568_firmwareqdm2308pmx50wcn6856qdm5679sdr8250sd768gpm3003a_firmwarewcn6740qca6696pm8004pmk8002qpa2625sa6150ppmm8195au_firmwaresm7250pqpm4621_firmwareqpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-11233
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7||HIGH
EPSS-0.03% / 5.30%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qca9377_firmwarepm8909qfe1040qfe2550mdm9640_firmwarepm660pmd9607_firmwarepmi8996pmi632qfe1040_firmwareqfe1045mdm9628_firmwareqfe2340_firmwaremdm9650qln1030smb1360_firmwarepmk8001qfe2340mdm9250smb1358_firmwarepmd9635_firmwareapq8009_firmwareqca6174_firmwareqcc1110_firmwareapq8076wtr3905wtr5975_firmwareapq8076_firmwareqca9377pmi632_firmwaresdw2500_firmwarewcd9326_firmwaremdm9628wcn3615_firmwaremdm9206_firmwareqsw8573_firmwarergr7640au_firmwarewtr2955wcn3660bwgr7640_firmwareqln1021aqqcc112qca4020mdm9230_firmwarepm8953_firmwareqca6574au_firmwareqca6584mdm9630qln1031_firmwarewcn3615wcn3680b_firmwaremsm8909wapq8009w_firmwarewcn3610_firmwareapq8053_firmwaresdx20mqca6564au_firmwarewcd9306qca9367_firmwarepm8937pm660_firmwarepm8996qca9367mdm9607_firmwaremdm9655_firmwareqcc1110smb1360sd205wcd9306_firmwareapq8017_firmwarewsa8810_firmwarepm8953qualcomm215_firmwaresmb231pm439_firmwareqca4020_firmwarewcd9326wcd9335qet4200aqqfe1045_firmwaremsm8937qfe3345pm8004_firmwareqca6174a_firmwaremdm9250_firmwaresmb1358pm439pmi8952mdm9655pm8937_firmwareqet4100_firmwaresmb1350qfe2550_firmwarepm8952_firmwaremdm9330_firmwaresd210wcn3620_firmwaresd820sdx20_firmwarewsa8815_firmwarepmi8937wcn3620sdw3100wtr3925_firmwarewtr3925sdw3100_firmwareapq8017qcc112_firmwarecsr6030_firmwareqca6564amdm9630_firmwareqet4100wcn3610mdm9640pmi8952_firmwareqfe3335_firmwaresmb1355wcd9330msm8996au_firmwarewtr2955_firmwarewgr7640csr6030qca6564aupmi8994_firmwarepmm8996au_firmwareqet4101_firmwaremsm8909w_firmwaremsm8996aupmk8001_firmwareqfe1035pmm8996ausmb1355_firmwaresmb1351_firmwarepmd9655_firmwarergr7640aumdm9230qualcomm215pm8996_firmwareqet4200aq_firmwarepm8909_firmwareqca6574amdm9206pm8916_firmwareqca9379_firmwareqca6174aqfe3100_firmwaresmb358s_firmwaresmb358swtr4905wtr5975qca6174wcd9335_firmwareqtc801s_firmwaresd439_firmwarepmd9645pm8956_firmwareqsw8573qfe3335qln1036aq_firmwarewsa8815qca6584_firmwaremsm8937_firmwaremdm9650_firmwarewcn3660b_firmwarewcn3680pmx20pmd9607qca6574a_firmwareapq8009qfe3320_firmwaresmb1351smb1357_firmwarewcd9330_firmwarewtr3905_firmwarepm215_firmwaremdm9626wtr2965_firmwareqfe1035_firmwarewcn3680_firmwaresdx20qln1021aq_firmwarepm8916qln1036aqqtc801spmd9635mdm9626_firmwarepmd9655qca6574auqfe3320mdm9607sd205_firmwareqca6564a_firmwareapq8009wpmd9645_firmwaresdx20m_firmwarewsa8810smb231_firmwarewtr4905_firmwaresd210_firmwareqfe3345_firmwarewcn3680bpm215apq8096auqln1030_firmwaresmb1350_firmwarewtr2965sd820_firmwarepmi8996_firmwarepmx20_firmwarepmi8937_firmwarepm8004sdw2500apq8053apq8096au_firmwaresd439qet4101pm8952pmi8994smb1357mdm9330qca9379pm8956qln1031Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-11220
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 8.83%
||
7 Day CHG~0.00%
Published-17 Mar, 2021 | 06:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9360_firmwarepm6125qat3519qbt2000_firmwarepm855a_firmwarewcn3950_firmwareqtc800hsdr8250_firmwareqcs2290pm8998_firmwaresmr546_firmwarewtr5975_firmwaresdr425_firmwarewcn3998smr526_firmwarewcn3950sm4125qpa5460pm640a_firmwareqsw8573_firmwarewgr7640_firmwareqsw8574_firmwaresd460_firmwareqca6574au_firmwareqpa4360_firmwarewcd9375_firmwarewcn3998_firmwareqbt2000pm855pqca6420wcd9360pm6150apmx50_firmwarewhs9410_firmwaresdr735gqpa5460_firmwarewcn3999sa8155_firmwaresd662_firmwareqcs405qca6430qat3522wcd9340sdm830_firmwaresdr660sa6155pqpa6560sdr865wcd9341smr545qca6696_firmwarepmm855au_firmwarewcn3910_firmwaresd_8cxpm6350qtc800ssd855_firmwarewcn3988wtr3925pm640p_firmwaresdr052sa8195p_firmwaresmb1390qat5516_firmwarepm6150lpm855l_firmwareqtc410swcn3991smb1355sdr735g_firmwarewgr7640qet5100sdx55m_firmwarepm8005_firmwareqpa8673_firmwarepm6150qet4101_firmwaresmb1354_firmwarepm7250bsdr052_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwaresmb1381pm855p_firmwaresdx50m_firmwaresdr735sdx24_firmwaresmr526wtr5975qca6430_firmwarepmk8003qtc801s_firmwarewcn3980qat3522_firmwareqdm2301qsw8573wcd9340_firmwarewsa8815wcn6850wcn3910qdm2301_firmwaresd_8c_firmwarepm8350_firmwareqca9984wcn3980_firmwaresdr051_firmwaresdx55mpm8008qtm525_firmwareqsw8574pmi8998pm855lqpa6560_firmwaresmr545_firmwarepm4250_firmwareqcm4290_firmwaresd480pmi8998_firmwarepm8005pm855_firmwarepm4250qdm2302pm855b_firmwareqca6595_firmwareqcs405_firmwarewtr2965pm640l_firmwarewcd9370_firmwaresdx55sa8155psd675qet4101qat3555_firmwarepm855bar8035_firmwareqcm2290wcn3991_firmwaresdr051pm6125_firmwarepm4125qbt1500qcs2290_firmwarepmi632pmx24_firmwareqbt1500_firmwareqet5100_firmwareqcs4290sdr660gpmm855auqca6420_firmwareqca6390_firmwaresmb1396wcd9370sd675_firmwarepm8350qpa4361_firmwaresdr425wcn3990_firmwareqca9984_firmwarepmi632_firmwaresd_8cx_firmwarewcd9385_firmwarewhs9410qat5516sd662sdr660g_firmwarepmk8002_firmwareqsw6310_firmwaresa8155sdx55_firmwarewcn3999_firmwaresmb1354sa6155p_firmwareqat5515_firmwarepm855wcn3988_firmwarepmx55sdr735_firmwareqat3519_firmwaresa8195pwsa8810_firmwareqat5515pm6350_firmwarepm8004_firmwaresdr8150_firmwareqcs4290_firmwarewcd9385qtc800h_firmwareqdm2302_firmwareqat3550_firmwarepm4125_firmwarear8035qca6390wcd9375aqt1000qpa8673pmm8195auwtr3925_firmwaresd888_5g_firmwaresmb1396_firmwarepm8998wcn6850_firmwarewsa8815_firmwaresmr546pmx24qcm2290_firmwarewcn3990pmx55_firmwareqca6595sdx24sd665_firmwaresd888_5gqpa4360pm855apmk8003_firmwaresdr660_firmwareqca6574aqpa4361smb1390_firmwarepm6150l_firmwareqtm525sd855sm4125_firmwaresd665pm6150a_firmwarepm6150_firmwarepm640pqca6574a_firmwaresdr865_firmwareqat3555sd460smb1351aqt1000_firmwarewtr2965_firmwareqcm4290sdx50mpm640asdr8150sd480_firmwareqtc801spmd9655qca6574ausa8155p_firmwareqsw6310pm8008_firmwarewcd9341_firmwarewsa8810qtc410s_firmwareqat3550pmx50sd_8csdr8250qca6696qtc800s_firmwaresmb1381_firmwarepm8004pm640lpmk8002pmm8195au_firmwaresdm830Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-0238
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7||HIGH
EPSS-0.01% / 0.30%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:26
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150946634

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-0358
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 1.94%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:53
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150227563

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-5558
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 15.12%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 16:26
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account.

Action-Not Available
Vendor-
Product-SpaceLogic AS-BSpaceLogic AS-Pspacelogic_as-pspacelogic_as-b
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-33907
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 11.05%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-kerneln/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-26910
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.23%
||
7 Day CHG~0.00%
Published-08 Feb, 2021 | 19:56
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.

Action-Not Available
Vendor-firejail_projectn/aDebian GNU/Linux
Product-firejaildebian_linuxn/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-9921
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7||HIGH
EPSS-0.04% / 10.17%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 18:04
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with system privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
  • Previous
  • 1
  • 2
  • Next
Details not found