96 matches found
SUSE CVE-2026-22702
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...
FreeBSD : virtualenv -- CWE-59: Improper Link Resolution Before File Access ('Link Following') (fd3855b8-efbc-11f0-9e3f-b0416f0c4c67)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fd3855b8-efbc-11f0-9e3f-b0416f0c4c67 advisory. https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986 reports: virtualenv is a too...
CVE-2026-22702
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...
AZL-74237 CVE-2026-22702 affecting package python-virtualenv 20.25.0-3
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...
CVE-2026-22702
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...
UBUNTU-CVE-2026-22702
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...
CVE-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory Creation
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...
CVE-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory Creation
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...
CVE-2026-22702
CVE-2026-22702 concerns the Python tool for creating isolated environments, virtualenv. The issue is a TOCTOU race in directory creation where a local attacker can exploit a window between existence checks and creation to redirect virtualenv’s app_data and lock files to attacker-controlled locati...
CVE-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory Creation
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...
CVE-2019-20617
An issue was discovered on Samsung mobile devices with P9.0 software. Secure Folder leaks preview data of recent apps. The Samsung ID is SVE-2018-13764 March 2019...
CVE-2025-62840 HBS 3 Hybrid Backup Sync
A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following...
CVE-2025-15221
A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit ha...
Apple macOS Tahoe Insufficient Authentication Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from an insufficient authentication vulnerability that can be exploited by an attacker to cause...
CVE-2025-43471
The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-43522
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access user-sensitive data...
PT-2025-51019
Name of the Vulnerable Software and Affected Versions macOS versions prior to 14.8.3 macOS versions prior to 15.7.3 macOS version 26.2 iOS versions prior to 18.7.3 iPadOS versions prior to 18.7.3 Description An application may be able to access sensitive user data due to insufficient checks. The...
EUVD-2025-198706
Null pointer dereference in coapdtlsinfocallback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSLgetappdata returns NULL...
CVE-2025-65501
CVE-2025-65501 affects libcoap 4.3.5. The issue is a null pointer dereference in coap_dtls_info_callback() during a DTLS handshake when SSL_get_app_data() returns NULL, enabling potential denial of service. Fedora advisories indicate that updates to 4.3.5a are released for Fedora 42/43; Nessus/Op...
CVE-2025-65501
Null pointer dereference in coapdtlsinfocallback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSLgetappdata returns NULL...