Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/29 12:38 p.m.7 views

EUVD-2026-40086

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References3
CVE
CVE
added 2026/01/10 5:59 a.m.41 views

CVE-2026-22701

Summary of CVE-2026-22701 (python-filelock) A TOCTOU race condition affects the SoftFileLock implementation in python-filelock prior to version 3.20.3. With local filesystem access and the ability to create symlinks, an attacker can exploit a race between the permission validation and file creati...

5.3CVSS6AI score0.00115EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/12 6:15 p.m.4 views

CVE-2025-50158

Time-of-check time-of-use toctou race condition in Windows NTFS allows an unauthorized attacker to disclose information locally...

7CVSS5.7AI score0.00354EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/20 6:50 p.m.2 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition during the image unpack process. An attacker can modify the host file system by exploiting the time gap between checking and using a file or resource. Workarounds 1. Verify image integrity...

9.6CVSS6.9AI score0.00435EPSS
Exploits0References2
OSV
OSV
added 2024/09/24 8:49 a.m.10 views

CLSA-2024-1727167500 kernel: Fix of 11 CVEs

wifi: mac80211: Avoid address calculations via out of bounds array indexing CVE-2024-41071 - bnx2x: Fix multiple UBSAN array-index-out-of-bounds CVE-2024-42148 - exec: Fix ToCToU between perm check and set-uid/gid usage CVE-2024-43882 - scsi: aacraid: Fix double-free on probe failure...

8.4CVSS6.8AI score0.00675EPSS
Exploits1References1
OSV
OSV
added 2022/11/14 11:15 p.m.7 views

CVE-2022-34325

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References2
Rows per page
Query Builder