1861 matches found
Important: libcap security update
Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities. Security Fixes: libcap: Privilege escalation via TOCTOU race condition in capsetfile (CVE-2026-4878). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
SUSE SLED15 / SLES15 Security Update : sed (SUSE-SU-2026:1941-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1941-1 advisory. This update for sed fixes the following issue: - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled...
Security update for sed
This update for sed fixes the following issue: CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
SUSE-SU-2026:1941-1 Security update for sed
This update for sed fixes the following issue: - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...
Linux Distros Unpatched Vulnerability : CVE-2026-41051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories. CVE-2026-41051 Note...
CVE-2026-45675
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, lin...
CLSA-2026-1778838399 golang: Fix of CVE-2026-32282
CVE-2026-32282: fix TOCTOU race in os.Root.Chmod on Linux that allowed symlink-based escapes from the restricted root by switching to fchmodat2 with /proc/self/fd fallback...
PT-2026-43463
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 29.0 and earlier. Description: Certain components, including EpgParser.php and plugin/AI/receiveAsync.json.php, fail to utilize the $resolvedIP out-parameter of the isSSRFSafeURL function for DNS pinning via CURLOPT_RESOLVE...
Open WebUI security vulnerability
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities were caused by TOCTOU race conditions in the LDAP and OAuth authentication processes, which could allow...
GHSA-H3WW-Q6XX-W7X3 Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts
Summary: The LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, line 663 was explicitly patched to prevent this race with the comment "Insert with default role first to avoid...
Amazon Linux 2 : PackageKit, --advisory ALAS2-2026-3282 (ALAS-2026-3282)
The version of PackageKit installed on the remote host is prior to 1.1.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3282 advisory. PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro,...
CVE-2026-41051
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...
CLSA-2026-1778662651 libcap: Fix of CVE-2026-4878
CVE-2026-4878: capsetfile TOCTOU race via path-based xattr operations...
CVE-2026-41051
CVE-2026-41051 affects csync2 and is due to the use of insecure temporary directories when csync2 is compiled with C99 or later, enabling TOCTOU-style issues in temporary paths. Public records indicate the vulnerability impacts openSUSE Tumbleweed’s csync2 package in the 2.0+git.1600444747.83b364...
CVE-2026-41051 csync2 uses insecure temporary directories when compiled with C99 or later
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...
CLSA-2026-1778599722 Fix CVE(s): CVE-2026-4878
SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...
EUVD-2026-29087
Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...
openSUSE 16 Security Update : python-pytest (openSUSE-SU-2026:20692-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20692-1 advisory. This update for python-pytest fixes the following issue: - CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain...
SUSE SLES12 Security Update : sed (SUSE-SU-2026:1699-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1699-1 advisory. This update for sed fixes the following issue: - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintend...
OESA-2026-2211 util-linux security update
The util-linux package contains a random collection of files that implements some low-level basic Linux utilities. Security Fixes: util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary...