Vulnerabilities > Time-of-check Time-of-use (TOCTOU) Race Condition

DATE CVE VULNERABILITY TITLE RISK
2024-03-11 CVE-2024-27297 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in NixOS Nix
Nix is a package manager for Linux and other Unix systems.
network
high complexity
nixos CWE-367
5.9
2024-02-29 CVE-2023-52478 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect. hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU) races when it races with itself. hidpp_connect_event() primarily runs from a workqueue but it also runs on probe() and if a "device-connected" packet is received by the hw when the thread running hidpp_connect_event() from probe() is waiting on the hw, then a second thread running hidpp_connect_event() will be started from the workqueue. This opens the following races (note the below code is simplified): 1.
local
high complexity
linux CWE-367
4.7
2024-02-22 CVE-2024-1563 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Mozilla Firefox Focus
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition.
network
high complexity
mozilla CWE-367
8.1
2024-02-15 CVE-2022-23084 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in FreeBSD
The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin.
local
high complexity
freebsd CWE-367
7.5
2024-02-06 CVE-2023-33046 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.
local
high complexity
qualcomm CWE-367
7.0
2024-01-09 CVE-2022-48618 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apple products
The issue was addressed with improved checks.
local
high complexity
apple CWE-367
7.0
2023-12-22 CVE-2023-43741 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Buildkite Elastic CI Stack
A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.
local
high complexity
buildkite CWE-367
7.0
2023-12-21 CVE-2023-46649 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in GitHub Enterprise Server
A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access.
local
high complexity
github CWE-367
7.0
2023-12-21 CVE-2023-6690 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in GitHub Enterprise Server
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
network
high complexity
github CWE-367
2.0
2023-12-21 CVE-2023-6803 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in GitHub Enterprise Server
A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred.
local
high complexity
github CWE-367
4.0