Lucene search
K

9 matches found

NVD
NVD
added 2026/06/18 8:16 p.m.13 views

CVE-2026-48982

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open without the OEXCL flag. Without OEXCL, the create operation is not atomic: two concurrent processes racing to...

5.8CVSS0.00088EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 7:1 p.m.16 views

CVE-2026-48982 pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open without the OEXCL flag. Without OEXCL, the create operation is not atomic: two concurrent processes racing to...

5.8CVSS0.00088EPSS
Exploits0References2
OSV
OSV
added 2026/03/02 9:55 p.m.4 views

GHSA-X82F-27X3-Q89C OpenClaw's TOCTOU symlink race in writeFileWithinRoot could create or truncate files outside root boundaries

Summary A symlink-retarget TOCTOU race in writeFileWithinRoot could point an attacker-controlled path alias outside the configured root between resolution and write operations. Impact Affected versions could cause out-of-root write side effects including file creation or truncation before final...

8.7CVSS5.9AI score
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2025/09/03 10:32 p.m.4 views

Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

...

5.5CVSS7AI score0.00245EPSS
Exploits0
OSV
OSV
added 2025/06/11 6:15 p.m.2 views

CVE-2025-0913

os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with OCREATE and OEXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

5.5CVSS6.6AI score
Exploits0References4
OSV
OSV
added 2025/06/11 6:15 p.m.5 views

AZL-78978 CVE-2025-0913 affecting package golang 1.25.7-1

os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with OCREATE and OEXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

5.5CVSS7.2AI score0.00245EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.3 views

SUSE CVE-2009-3286

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an OEXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...

4.6CVSS6.7AI score0.00468EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2009/11/03 7:28 p.m.5 views

kernel: O_EXCL creates on NFSv4 are broken

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an OEXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...

4.6CVSS7.2AI score0.00468EPSS
Exploits1References4
OSV
OSV
added 2006/10/16 7:7 p.m.1 views

DEBIAN-CVE-2006-5297

Race condition in the safeopen function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the OEXCL flag on NFS filesystems...

1.2CVSS6.3AI score0.00342EPSS
Exploits0References1
Rows per page
Query Builder