Vulnerabilities > Time-of-check Time-of-use (TOCTOU) Race Condition

DATE CVE VULNERABILITY TITLE RISK
2021-02-08 CVE-2021-26910 Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in multiple products
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.
6.9
2021-01-30 CVE-2020-14418 Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in multiple products
A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM.
6.9
2021-01-26 CVE-2021-21615 Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in Jenkins
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
network
jenkins CWE-367
3.5
2020-12-31 CVE-2020-35889 Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in Crayon Project Crayon
An issue was discovered in the crayon crate through 2020-08-31 for Rust.
6.8
2020-12-21 CVE-2020-25860 Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in Pengutronix Rauc
The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation.
network
high complexity
pengutronix CWE-367
7.1
2020-12-14 CVE-2020-27252 Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware
Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader.
network
medtronic CWE-367
critical
9.3
2020-11-12 CVE-2020-12926 Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in AMD Trusted Platform Modules Reference
The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens.
local
amd CWE-367
4.4
2020-11-05 CVE-2020-24428 Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in Adobe products
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation.
network
high complexity
adobe CWE-367
5.1
2020-10-30 CVE-2020-27014 Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in Trendmicro Antivirus 2020
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
6.9
2020-10-22 CVE-2020-9990 Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in Apple mac OS X
A race condition was addressed with additional validation.
local
apple CWE-367
6.9