ByteOS Network

Type	CWE ID	Description
text	N/A	n/a

Hyperlink	Resource
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-002.txt	N/A
http://seclists.org/fulldisclosure/2023/Sep/6	mailing-list
http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html	N/A

Hyperlink	Resource
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-002.txt	x_transferred
http://seclists.org/fulldisclosure/2023/Sep/6	mailing-list x_transferred
http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html	x_transferred

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE ID	Type	Source
CWE-367	Primary	nvd@nist.gov

Hyperlink	Source	Resource
http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html	cve@mitre.org	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2023/Sep/6	cve@mitre.org	Exploit Mailing List Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-002.txt	cve@mitre.org	Exploit Third Party Advisory

CVE-2022-31638

Matching Score-4

Assigner-HP Inc.

View Details

Matching Score-4

Assigner-HP Inc.

CVSS Score-7.8||HIGH

EPSS-0.15% / 35.66%

||

7 Day CHG~0.00%

Published-13 Jun, 2023 | 16:13

Updated-03 Jan, 2025 | 20:15

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Vendor-HP Inc.

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2022-31639

Matching Score-4

Assigner-HP Inc.

View Details

Matching Score-4

Assigner-HP Inc.

CVSS Score-7.8||HIGH

EPSS-0.15% / 35.66%

||

7 Day CHG~0.00%

Published-13 Jun, 2023 | 16:14

Updated-03 Jan, 2025 | 19:15

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Vendor-HP Inc.

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2022-31635

Matching Score-4

Assigner-HP Inc.

View Details

Matching Score-4

Assigner-HP Inc.

CVSS Score-7.8||HIGH

EPSS-0.15% / 35.66%

||

7 Day CHG~0.00%

Published-13 Jun, 2023 | 16:10

Updated-03 Jan, 2025 | 15:15

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Vendor-HP Inc.

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2021-35090

Matching Score-4

Assigner-Qualcomm, Inc.

View Details

Matching Score-4

Assigner-Qualcomm, Inc.

CVSS Score-9.3||CRITICAL

EPSS-0.18% / 39.68%

||

7 Day CHG~0.00%

Published-14 Jun, 2022 | 09:51

Updated-04 Aug, 2024 | 00:33

Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Vendor-Qualcomm Technologies, Inc.

Product-wcn3991_firmware wcn3991 wsa8830 wcd9380_firmware sd780g sd865_5g qca6431_firmware sdx55m_firmware wcn6856_firmware sd888 wsa8835 sa8540p_firmware wcd9380 sd765g_firmware sd888_5g qca6420_firmware qca6390_firmware sd690_5g wcd9370 sd690_5g_firmware wcn6855_firmware sm7325p qca6426 qrb5165n_firmware qca6430_firmware wcn6750 wcn3998 sd_8cx_firmware wcd9385_firmware sdxr2_5g_firmware sd_8cx_gen2_firmware sa9000p wcd9340_firmware wsa8815 sm7325p_firmware qsm8350_firmware wcn6850 qsm8350 sd765 qca6426_firmware sa9000p_firmware sm7315_firmware wcn7850 sd768g_firmware wcd9375_firmware wcn3998_firmware qrb5165m sm7315 sm7250p_firmware qca6391 sdx55m qca6420 qca6436_firmware qrb5165n qca6421_firmware aqt1000_firmware wcn6740_firmware sd778g sd_8cx_gen2 wcn7851 qcs6490 qrb5165_firmware qrb5165m_firmware sdxr2_5g qcm6490_firmware qrb5165 wcn6851_firmware wcn3988_firmware qca6430 qca6421 sd778g_firmware wcd9340 wsa8810_firmware sd765g wcd9341_firmware wsa8810 sd765_firmware sd870 qca6436 wcn6851 wcn6855 sa8540p wcn7851_firmware wcn6856 wcd9385 wcd9341 sd768g qca6431 qcs6490_firmware sd750g sd870_firmware wcn6740 qca6391_firmware qca6390 wcd9375 sd_8cx aqt1000 sd750g_firmware sd780g_firmware wcd9370_firmware sd888_firmware wsa8830_firmware sd865_5g_firmware qcm6490 sd888_5g_firmware wcn3988 wcn6850_firmware wcn7850_firmware wsa8815_firmware wsa8835_firmware sm7250p wcn6750_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2020-14375

Matching Score-4

Assigner-Red Hat, Inc.

View Details

Matching Score-4

Assigner-Red Hat, Inc.

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.23%

||

7 Day CHG~0.00%

Published-30 Sep, 2020 | 18:42

Updated-04 Aug, 2024 | 12:46

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vendor-dpdk n/a Canonical Ltd.openSUSE

Product-ubuntu_linux data_plane_development_kit leap dpdk

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2022-27540

Matching Score-4

Assigner-HP Inc.

View Details

Matching Score-4

Assigner-HP Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 13.31%

||

7 Day CHG~0.00%

Published-28 Jun, 2024 | 19:00

Updated-22 Aug, 2024 | 15:35

A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

Vendor-HP Inc.

Product-HP PC BIOS

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2022-43778

Matching Score-4

Assigner-HP Inc.

View Details

Matching Score-4

Assigner-HP Inc.

CVSS Score-7.8||HIGH

EPSS-0.14% / 34.78%

||

7 Day CHG~0.00%

Published-12 Jun, 2023 | 19:02

Updated-06 Jan, 2025 | 17:15

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Vendor-HP Inc.

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2022-27541

Matching Score-4

Assigner-HP Inc.

View Details

Matching Score-4

Assigner-HP Inc.

CVSS Score-7.8||HIGH

EPSS-0.14% / 35.25%

||

7 Day CHG~0.00%

Published-12 Jun, 2023 | 18:59

Updated-03 Jan, 2025 | 21:15

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Vendor-HP Inc.

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2022-27539

Matching Score-4

Assigner-HP Inc.

View Details

Matching Score-4

Assigner-HP Inc.

CVSS Score-7.8||HIGH

EPSS-0.14% / 35.25%

||

7 Day CHG~0.00%

Published-12 Jun, 2023 | 18:56

Updated-03 Jan, 2025 | 21:15

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Vendor-HP Inc.

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2022-36929

Matching Score-4

Assigner-Zoom Video Communications, Inc.

View Details

Matching Score-4

Assigner-Zoom Video Communications, Inc.

CVSS Score-7.8||HIGH

EPSS-0.11% / 30.87%

||

7 Day CHG~0.00%

Published-09 Jan, 2023 | 00:00

Updated-09 Apr, 2025 | 14:27

Local Privilege Escalation in Zoom Rooms for Windows Clients

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.

Vendor-Zoom Communications, Inc.

Product-rooms Zoom Rooms for Windows

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2022-31636

Matching Score-4

Assigner-HP Inc.

View Details

Matching Score-4

Assigner-HP Inc.

CVSS Score-7.8||HIGH

EPSS-0.15% / 35.66%

||

7 Day CHG~0.00%

Published-13 Jun, 2023 | 16:11

Updated-03 Jan, 2025 | 15:15

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Vendor-HP Inc.

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2022-47631

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs