17 matches found
CVE-2025-41259
SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...
CVE-2025-41259
SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...
UBUNTU-CVE-2025-41259
SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...
CVE-2025-41259
SWUpdate (affected before 2026.05) suffers a TOCTOU race in the signed update process, enabling local unprivileged users to escalate to root or install untrusted contents. No exploitation vectors are detailed beyond this description; remediation/version details are not explicitly stated in the pr...
CVE-2025-41259 SWUpdate Untrusted Script Execution via Signed Update TOCTOU
SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...
CVE-2025-41259
SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...
CVE-2025-41259 SWUpdate Untrusted Script Execution via Signed Update TOCTOU
SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...
CVE-2025-41259
SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...
PT-2026-45914
SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...
SWUpdate 安全漏洞
SWUpdate is an embedded Linux system update tool developed by Stefano Babic. Versions of SWUpdate prior to 2026.05 contained security vulnerabilities. These vulnerabilities were due to race conditions between the check time and the usage time, which could allow local non-privileged users to gain...
Linux Distros Unpatched Vulnerability : CVE-2026-28525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a deni...
CVE-2026-28525
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...
UBUNTU-CVE-2026-28525
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...
CVE-2026-28525
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...
CVE-2026-28525 SWUpdate Integer Underflow in Multipart Upload Parser
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...
CVE-2026-28525
SWUpdate contains an integer underflow in the multipart upload parser (mongoose_multipart.c) that enables unauthenticated remote denial of service. An attacker can trigger an underflow in mg_http_multipart_continue_wait_for_chunk() by sending a crafted HTTP POST to /upload with a malformed multip...
SWUpdate 缓冲区错误漏洞
SWUpdate is an embedded Linux system update tool developed by Stefano Babic. SWUpdate has a buffer error vulnerability, which stems from an integer underflow in the multipart upload parser in the mongoosemultipart.c file. This vulnerability allows unauthenticated attackers to cause...