| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility (LTV) sensors.
There is no indication of exploitation of these issues in the wild. Our threat hunting and intelligence team are actively monitoring for exploitation and we maintain visibility into any such attempts.
The Falcon sensor for Mac, the Falcon sensor for Linux and the Falcon sensor for Legacy Systems are not impacted by this.
CrowdStrike was made aware of this issue through our HackerOne bug bounty program. It was discovered by Cong Cheng and responsibly disclosed. |
| A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass.
Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. |
| Time-of-check time-of-use race condition for some ACAT before version 3.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
| The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress. |
| In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. |
| The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled. |
| An attacker with local access the to medical office computer can
escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by
exploiting a race condition in the Elefant Update Service during the
repair or update process. When using the repair function, the service queries the server for a
list of files and their hashes. In addition, instructions to execute
binaries to finalize the repair process are included. The executables are executed as "NT AUTHORITY\SYSTEM" after they are
copied over to the user writable installation folder (C:\Elefant1). This
means that a user can overwrite either "PostESUUpdate.exe" or
"Update_OpenJava.exe" in the time frame after the copy and before the
execution of the final repair step. The overwritten executable is then executed as "NT AUTHORITY\SYSTEM". |
| WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. |
| A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. - CVE-2024-3292 |
| A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host |
| Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" (TOCTOU) attack when downloading zip files to access files outside of the OOD_ALLOWLIST. This vulnerability impacts sites that use the file browser allowlists in all current versions of OOD. However, files accessed are still protected by the UNIX permissions. Open OnDemand versions 4.0.8 and 3.1.16 have been patched for this vulnerability. |
| Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C.
This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.
|
| Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protocol parameters can return access tokens obtained with the wrong scope, resource indicator, or other protocol parameters. Such usage is somewhat atypical, and only a small percentage of users are likely to be affected. Duende.AccessTokenManagement can request access tokens using the client credentials flow in several ways. In basic usage, the client credentials flow is configured once and the parameters do not vary. In more advanced situations, requests with varying protocol parameters may be made by calling specific overloads of these methods: `HttpContext.GetClientAccessTokenAsync()` and `IClientCredentialsTokenManagementService.GetAccessTokenAsync()`. There are overloads of both of these methods that accept a `TokenRequestParameters` object that customizes token request parameters. However, concurrent requests with varying `TokenRequestParameters` will result in the same token for all concurrent calls. Most users can simply update the NuGet package to the latest version. Customizations of the `IClientCredentialsTokenCache` that derive from the default implementation (`DistributedClientCredentialsTokenCache`) will require a small code change, as its constructor was changed to add a dependency on the `ITokenRequestSynchronization` service. The synchronization service will need to be injected into the derived class and passed to the base constructor. The impact of this vulnerability depends on how Duende.AccessTokenManagement is used and on the security architecture of the solution. Most users will not be vulnerable to this issue. More advanced users may run into this issue by calling the methods specified above with customized token request parameters. The impact of obtaining an access token with different than intended protocol parameters will vary depending on application logic, security architecture, and the authorization policy of the resource servers. |
| conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized as a Time-of-Check to Time-of-Use (TOCTOU) issue, can be exploited to introduce unauthorized modifications to build artifacts stored in the cf-staging Anaconda channel. Exploitation may result in the unauthorized publication of malicious artifacts to the production conda-forge channel. The core vulnerability results from the absence of atomicity between the hash validation and the artifact copy operation. This gap allows an attacker, with access to the cf-staging token, to overwrite the validated artifact with a malicious version immediately after hash verification, but before the copy action is executed. As the cf-staging channel permits artifact overwrites, such an operation can be carried out using the anaconda upload --force command. This vulnerability is fixed in 2025.4.10. |
| A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. |
| Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component’s state, thus bypass the original security sanitize function. |
| Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use (TOCTOU) condition that allows attackers to bypass network isolation and access internal services, cloud metadata endpoints, and protected network segments. The Desktop edition requires no authentication; the Server edition requires only standard authentication. This issue is fixed in version 25.11.1.3086. |
| node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2. |
| yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use (TOCTOU) race condition (CWE-367) in the creation of the default configuration file config.json. In version 1.0, load_json_settings in Settings.hpp checks for the existence of config.json using boost::filesystem::exists and, if the file is missing, calls create_json_settings which writes the JSON configuration with boost::property_tree::write_json. A local attacker with write access to the application’s configuration directory (~/.config/yt-grabber-tui on Linux or the current working directory on Windows) can create a symbolic link between the existence check and the subsequent write so that the write operation follows the symlink and overwrites an attacker-chosen file accessible to the running process. This enables arbitrary file overwrite within the privileges of the application process, which can corrupt files and cause loss of application or user data. If the application is executed with elevated privileges, this could extend to system file corruption. The issue is fixed in version 1.0.1. |