CWE-367: CWE-367

Total CVEs: 174
Critical: 16
High: 119
Avg CVSS: 7.2
In CISA KEV: 1

Yearly Trend

2026: 19
2025: 62
2024: 40
2023: 32
2022: 11

Top Affected Vendors

1. Microsoft: 28
2. Qualcomm: 17
3. Linux: 13
4. Insyde: 7
5. HP: 5
6. Debian: 5
7. Adobe: 4
8. Dell: 4
9. AMD: 4
10. NetApp: 3

All CWE-367 CVEs (174)

CVE-2024-26218
7.8

This Windows kernel vulnerability allows an authenticated attacker to execute arbitrary code with SYSTEM privileges by exploiting a time-of-check-time...

Apr 9, 2024
CVE-2022-3701
7.8

A local privilege escalation vulnerability in Lenovo Vantage SystemUpdate plugin allows attackers to execute arbitrary code with elevated privileges. ...

Oct 27, 2023
CVE-2022-47631
7.8

CVE-2022-47631 is a local privilege escalation vulnerability in Razer Synapse software that allows attackers to gain administrative privileges on Wind...

Sep 14, 2023
CVE-2023-38141
7.8

This Windows kernel vulnerability allows local attackers to exploit a race condition (CWE-367) to elevate privileges from user mode to kernel mode. It...

Sep 12, 2023
CVE-2023-33154
7.8

This vulnerability in the Windows Partition Management Driver allows an authenticated attacker to execute arbitrary code with SYSTEM privileges. It af...

Jul 11, 2023
CVE-2023-1295
7.8

A time-of-check to time-of-use (TOCTOU) vulnerability in the Linux kernel's io_uring subsystem allows a local user to escalate privileges to root. Thi...

Jun 28, 2023
CVE-2022-31636
7.8

This CVE describes a time-of-check to time-of-use (TOCTOU) vulnerability in the BIOS of certain HP PC products. It could allow attackers to execute ar...

Jun 13, 2023
CVE-2022-31638
7.8

This CVE describes a time-of-check to time-of-use (TOCTOU) vulnerability in HP PC BIOS firmware that could allow attackers to execute arbitrary code, ...

Jun 13, 2023
CVE-2022-34899
7.8

This is a local privilege escalation vulnerability in Parallels Access Agent that allows attackers with initial low-privileged access to gain root pri...

Jul 18, 2022
CVE-2021-3969
7.8

A local privilege escalation vulnerability exists in Lenovo System Interface Foundation's IMController component due to a Time-of-Check Time-of-Use (T...

May 18, 2022
CVE-2021-36924
7.8

This vulnerability in Realtek RtsUpx USB Utility Driver allows local low-privileged users to execute arbitrary code with elevated privileges via a cra...

Nov 2, 2021
CVE-2020-11298
7.8

This vulnerability allows non-secure clients to modify permissions on shared memory buffers while the system is waiting for callback responses in Qual...

Jun 9, 2021
CVE-2020-1337
7.8

CVE-2020-1337 is a local privilege escalation vulnerability in the Windows Print Spooler service that allows authenticated attackers to write arbitrar...

Aug 17, 2020
CVE-2025-64645
7.7

A local privilege escalation vulnerability exists in IBM Concert due to a race condition involving symbolic link handling. This allows authenticated l...

Dec 26, 2025
CVE-2024-9183
7.7

This vulnerability in GitLab allows authenticated users to steal credentials from higher-privileged users and impersonate them under specific conditio...

Dec 5, 2025
CVE-2025-29833
7.7

A Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in Windows Virtual Machine Bus allows local attackers to execute arbitrary code. Thi...

May 13, 2025
CVE-2026-25728
7.5

ClipBucket v5 versions before 5.5.3 - #40 have a TOCTOU race condition in avatar/background image uploads. Attackers can upload malicious PHP files th...

Feb 10, 2026
CVE-2025-62003
7.5

BullWall Server Intrusion Protection has a timing vulnerability where MFA checks for RDP connections have a configuration-dependent delay. Remote auth...

Dec 18, 2025
CVE-2025-62004
7.5

A local, authenticated attacker can log into BullWall Server Intrusion Protection systems during the brief window after boot when login services are r...

Dec 18, 2025
CVE-2025-20082
7.5

A time-of-check time-of-use race condition vulnerability in the UEFI firmware SmiVariable driver for specific Intel server boards allows a privileged ...

May 13, 2025
CVE-2025-29969
7.5

A Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in Windows Fundamentals allows authenticated attackers to execute arbitrary code ove...

May 13, 2025
CVE-2024-42446
7.5

This CVE describes a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in AMI's APTIOV BIOS firmware. An attacker with local access can ...

May 13, 2025
CVE-2024-54084
7.5

This CVE describes a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in AMI's APTIOV BIOS firmware. An attacker with local access can ...

Mar 11, 2025
CVE-2024-41917
7.5

This CVE describes a time-of-check time-of-use (TOCTOU) race condition vulnerability in Intel Battery Life Diagnostic Tool software. An authenticated ...

Feb 12, 2025
CVE-2024-42444
7.5

CVE-2024-42444 is a TOCTOU race condition vulnerability in AMI APTIOV BIOS that allows local attackers to execute arbitrary code on affected devices. ...

Jan 14, 2025
CVE-2024-5803
7.5

This vulnerability allows a local attacker to escalate privileges via COM hijack in AVG/Avast Antivirus when self-protection is disabled. It affects u...

Oct 3, 2024
CVE-2023-20578
7.5

This CVE describes a TOCTOU (Time-Of-Check-Time-Of-Use) vulnerability in AMD System Management Mode (SMM) that could allow an attacker with ring0 priv...

Aug 13, 2024
CVE-2024-39894
7.5

This vulnerability in OpenSSH allows attackers to perform timing attacks against password entry when echo is disabled (e.g., during su or sudo operati...

Jul 2, 2024
CVE-2022-33270
7.5

This vulnerability is a time-of-check time-of-use (TOCTOU) race condition in Qualcomm modem firmware that allows a transient denial-of-service (DoS) a...

Apr 13, 2023
CVE-2022-0280
7.5

A race condition vulnerability in McAfee Total Protection's QuickClean feature allows local users to elevate privileges and delete arbitrary files. Th...

Mar 10, 2022
CVE-2021-34413
7.5

A Time-of-check Time-of-use (TOC/TOU) vulnerability in the Zoom Plugin for Microsoft Outlook on macOS allows standard users to write malicious applica...

Sep 27, 2021
CVE-2021-31422
7.5

This vulnerability allows local attackers with high-privileged code execution on a Parallels Desktop guest system to escalate privileges to hypervisor...

Apr 29, 2021
CVE-2025-69211
7.4

NestJS applications using Fastify platform with route-specific middleware are vulnerable to URL encoding bypass. This allows attackers to access prote...

Dec 29, 2025
CVE-2025-58407
7.4

This CVE describes a Time-of-Check Time-of-Use (TOCTOU) vulnerability in GPU firmware where guest VM kernel/driver software can post improper commands...

Nov 17, 2025
CVE-2024-29149
7.4

This CVE describes a time-of-check time-of-use (TOCTOU) vulnerability in Alcatel-Lucent ALE deskphones that allows authenticated attackers to replace ...

May 7, 2024
CVE-2021-26356
7.4

This vulnerability is a Time-of-Check Time-of-Use (TOCTOU) race condition in AMD's ASP bootloader that allows an attacker to tamper with SPI ROM data ...

May 9, 2023
CVE-2021-4098
7.4

This vulnerability allows a remote attacker who has already compromised Chrome's renderer process to potentially escape the browser sandbox via a craf...

Feb 11, 2022
CVE-2021-29657
7.4

This vulnerability allows an attacker with guest VM access on AMD systems to bypass host OS security controls and potentially execute arbitrary code o...

Jul 22, 2021
CVE-2026-23988
7.3

This CVE describes a time-of-check to time-of-use (TOCTOU) race condition vulnerability in Rufus versions 4.11 and below. When Rufus runs with Adminis...

Jan 22, 2026
CVE-2025-55236
7.3

A time-of-check time-of-use race condition vulnerability in the Graphics Kernel allows authenticated local attackers to execute arbitrary code. This a...

Sep 9, 2025
CVE-2024-10972
7.3

This vulnerability allows an attacker with administrative privileges to cause a Blue Screen of Death (BSOD) by manipulating memory access rights durin...

Dec 16, 2024
CVE-2023-3891
7.3

A race condition vulnerability in Lapce v0.2.8 allows attackers to execute arbitrary code with elevated privileges. This affects users running the vul...

Sep 15, 2023
CVE-2025-20037
7.2

A time-of-check time-of-use race condition vulnerability in Intel Converged Security and Management Engine firmware allows a privileged local user to ...

Aug 12, 2025
CVE-2024-22185
7.2

This CVE describes a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in certain Intel processors with Intel ACTM technology. It allows...

Nov 13, 2024
CVE-2024-29066
7.2

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Distributed File System (DFS) services. Attackers can ...

Apr 9, 2024
CVE-2023-32282
7.2

A race condition vulnerability in BIOS firmware for certain Intel processors allows a privileged user with local access to potentially escalate privil...

Mar 14, 2024
CVE-2023-29337
7.1

This vulnerability in the NuGet client allows remote code execution when processing specially crafted packages. Attackers could execute arbitrary code...

Jun 14, 2023
CVE-2025-61037
7.0

This CVE describes a local privilege escalation vulnerability in SevenCs ORCA G2 software where a TOCTOU race condition allows standard users to gain ...

Dec 31, 2025
CVE-2011-10035
7.0

This CVE describes a local privilege escalation vulnerability in Nagios XI where low-privileged users can exploit race conditions during crontab insta...

Oct 30, 2025
CVE-2025-59497
7.0

A time-of-check time-of-use race condition vulnerability in Microsoft Defender for Linux allows a local authenticated attacker to cause a denial of se...

Oct 14, 2025

About CWE-367 (CWE-367)

Our database tracks 174 CVEs classified as CWE-367, with 16 rated critical and 119 rated high severity. The average CVSS score for CWE-367 vulnerabilities is 7.2.

External reference: View CWE-367 on MITRE CWE →
