
52 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fixed races among concurrent prealloc/proc write operations. We currently have no protection against concurrent changes to PCM buffer preallocations via proc files. This could potentially lead to UAF or other strange...

CVSS 7.8 | AI score 5.5 | EPSS 0.00269
Exploits: 0 | References: 2
NVD
added 2026/06/18 8:16 p.m. | 13 views

CVE-2026-48982

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open without the O_EXCL flag. Without O_EXCL, the create operation is not atomic: two concurrent processes racing to...

CVSS 5.8 | EPSS 0.00088
Exploits: 0 | References: 2
Tenable Nessus
added 2026/06/12 12:0 a.m. | 10 views

EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2026-2388)

According to the versions of the python-requests packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a...

CVSS 5.5 | AI score 5.5 | EPSS 0.00182
Exploits: 0 | References: 2
Tenable Nessus
added 2026/06/10 12:0 a.m. | 11 views

EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2026-2310)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when...

CVSS 5.5 | AI score 5.5 | EPSS 0.0039
Exploits: 1 | References: 3
Cvelist
added 2026/06/01 6:53 p.m. | 27 views

CVE-2026-49134 CodexBar < 0.32.0 Privilege Escalation via CLI Installer Temp File

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

CVSS 7.5 | EPSS 0.0027
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-39486)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39486 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/drm_file: Fix pid refcounting race ,...

CVSS 7 | AI score 6.7 | EPSS 0.00223
Exploits: 3 | References: 2
Github Security Blog
added 2026/01/13 6:44 p.m. | 10 views

filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

Vulnerability Summary. Title: Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock. Affected Component: filelock package - SoftFileLock class. File: src/filelock/soft.py lines 17-27. CWE: CWE-362, CWE-367, CWE-59. Description: A TOCTOU race condition vulnerability exists in the...

CVSS 5.3 | AI score 6.8 | EPSS 0.00115
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2025/12/09 12:31 a.m. | 4 views

EUVD-2025-201818

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks...

CVSS 4.3 | AI score 5.7 | EPSS 0.00184
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/08 12:0 a.m. | 5 views

PT-2025-49598

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks...

CVSS 4.3 | AI score 6.3 | EPSS 0.00184
Exploits: 0 | References: 2
Tenable Nessus
added 2025/11/05 12:0 a.m. | 5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989794)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989794 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device...

CVSS 5.5 | AI score 6.1 | EPSS 0.00274
Exploits: 0 | References: 4
OSV
added 2025/09/01 7:15 p.m. | 5 views

CVE-2025-9810

TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod on the same path...

CVSS 5.8 | AI score 6.6
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 12:17 a.m. | 10 views

CVE-2005-1727

Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."...

CVSS 3.7 | AI score 6.3 | EPSS 0.00257
Exploits: 0 | References: 1
CVE
added 2025/05/07 12:0 a.m. | 45 views

CVE-2025-26169

CVE-2025-26169 affects IXON VPN Client for Windows prior to 1.4.4. The issue allows Local Privilege Escalation to SYSTEM due to code execution from a configuration file that can be controlled by a low-privileged user, with a race condition that lets a temporary config file in a world-writable dir...

CVSS 8.1 | AI score 8.3 | EPSS 0.00205
Exploits: 0 | References: 2
OSV
added 2024/03/22 11:7 a.m. | 4 views

OESA-2024-1307 iSulad security update

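This is an umbrella project for gRPC-services based Lightweight Container Runtime Daemon, written in C. Security Fixes: During the isulad service initialization phase, temporary files are checked for correctness, and if the check fails the files are recreated. Between the check and the creation there is a race condition, which an attacker can exploit to escalate privileges. CVE-2021-33632...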

CVSS 7 | AI score 7 | EPSS 0.00146
Exploits: 0 | References: 2
Tenable Nessus
added 2024/02/01 12:0 a.m. | 42 views

SUSE SLES15: libnss_slurm2 / libpmi0 / libslurm36 / perl-slurm / slurm / etc (SUSE-SU-2024:0279-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0279-1 advisory. Security fixes: - CVE-2023-41914: Prevent filesystem race conditions that could let an attacker take control of an arbitrary file, or remove...

CVSS 9.8 | AI score 7.4 | EPSS 0.01386
Exploits: 0 | References: 18
OSV
added 2023/04/19 4:43 p.m. | 6 views

USN-6031-1 linux-oem-5.17 vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the Integrity...

CVSS 7.8 | AI score 6.9 | EPSS 0.00608
Exploits: 2 | References: 11
OSV
added 2022/04/12 11:3 a.m. | 1 views

OESA-2022-1609 python-paramiko security update

Paramiko is a combination of the Esperanto words for "paranoid" and "friend". It is a module for Python 2.7/3.4+ that implements the SSH2 protocol for secure encrypted and authenticated connections to remote machines. Security Fixes: In Paramiko before 2.10.1, a race condition between creation an...

CVSS 5.9 | AI score 6.7 | EPSS 0.0208
Exploits: 1 | References: 2
CVE
added 2021/06/24 1:19 p.m. | 229 views

CVE-2021-29948

Thunderbird prior to 78.10.0 is affected by CVE-2021-29948, where signatures are written to disk before verification and may be at risk of a race condition if a local attacker replaces the file. Impact includes potential signature forgery; remediation is to upgrade Thunderbird to 78.10.0 or newer...

CVSS 2.5 | AI score 5 | EPSS 0.00286
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2021/05/04 1:30 p.m. | 3 views

UBUNTU-CVE-2021-27216

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options...

CVSS 6.3 | AI score 7.2 | EPSS 0.00984
Exploits: 4 | References: 4
OSV
added 2020/04/30 5:15 p.m. | 1 views

UBUNTU-CVE-2020-12050

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library...

CVSS 7 | AI score 5.9 | EPSS 0.00308
Exploits: 0 | References: 6