52 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fixed races among concurrent prealloc/proc write operations. We currently have no protection against concurrent changes to PCM buffer preallocations via proc files. This could potentially lead to UAF or other strange...
CVE-2026-48982
pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open without the O_EXCL flag. Without O_EXCL, the create operation is not atomic: two concurrent processes racing to...
EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2026-2388)
According to the versions of the python-requests packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Requests is an HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a...
EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2026-2310)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Requests is an HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when...
CVE-2026-49134 CodexBar < 0.32.0 Privilege Escalation via CLI Installer Temp File
CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...
Azure Linux 3.0 Security Update: kernel (CVE-2024-39486)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39486 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/drm_file: Fix pid refcounting race,...
filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
Vulnerability Summary. Title: Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock. Affected Component: filelock package - SoftFileLock class. File: src/filelock/soft.py (lines 17-27). CWE: CWE-362, CWE-367, CWE-59. Description: A TOCTOU race condition vulnerability exists in the...
EUVD-2025-201818
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks...
PT-2025-49598
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989794)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989794 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device...
CVE-2025-9810
TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod on the same path...
CVE-2005-1727
Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."...
CVE-2025-26169
CVE-2025-26169 affects IXON VPN Client for Windows prior to 1.4.4. The issue allows Local Privilege Escalation to SYSTEM due to code execution from a configuration file that can be controlled by a low-privileged user, with a race condition that lets a temporary config file in a world-writable dir...
OESA-2024-1307 iSulad security update
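This is an umbrella project for gRPC-services based Lightweight Container Runtime Daemon, written in C. Security Fixes: During the isulad service initialization phase, temporary files are checked for correctness, and if the check fails the files are re-created; between the check and the creation there is a race condition, which an attacker can exploit to escalate privileges. CVE-2021-33632...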
SUSE SLES15: libnss_slurm2 / libpmi0 / libslurm36 / perl-slurm / slurm / etc (SUSE-SU-2024:0279-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0279-1 advisory. Security fixes: - CVE-2023-41914: Prevent filesystem race conditions that could let an attacker take control of an arbitrary file, or remove...
USN-6031-1 linux-oem-5.17 vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the Integrity...
OESA-2022-1609 python-paramiko security update
Paramiko is a combination of the Esperanto words for "paranoid" and "friend". It is a module for Python 2.7/3.4+ that implements the SSH2 protocol for secure encrypted and authenticated connections to remote machines. Security Fixes: In Paramiko before 2.10.1, a race condition between creation an...
CVE-2021-29948
Thunderbird prior to 78.10.0 is affected by CVE-2021-29948, where signatures are written to disk before verification and may be at risk of a race condition if a local attacker replaces the file. Impact includes potential signature forgery; remediation is to upgrade Thunderbird to 78.10.0 or newer...
UBUNTU-CVE-2021-27216
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options...
UBUNTU-CVE-2020-12050
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library...