Lucene search
K

131 matches found

OSV
OSV
added 2026/01/10 6:15 a.m.4 views

UBUNTU-CVE-2026-22701

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3CVSS5.8AI score0.00115EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/01/10 5:59 a.m.4 views

CVE-2026-22701

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3CVSS5.3AI score0.00115EPSS
Exploits0
CVE
CVE
added 2026/01/10 5:59 a.m.43 views

CVE-2026-22701

Summary of CVE-2026-22701 (python-filelock) A TOCTOU race condition affects the SoftFileLock implementation in python-filelock prior to version 3.20.3. With local filesystem access and the ability to create symlinks, an attacker can exploit a race between the permission validation and file creati...

5.3CVSS6AI score0.00115EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/01/10 5:59 a.m.2 views

CVE-2026-22701

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3CVSS5.9AI score0.00115EPSS
Exploits0References3
OSV
OSV
added 2026/01/10 5:59 a.m.5 views

CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3CVSS6AI score0.00115EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

filelock 安全漏洞

filelock is a Python file locker open source by tox development team. filelock version before 3.20.3 has a security vulnerability , the vulnerability stems from the SoftFileLock implementation of the existence of TOCTOU competition conditions , which may lead to locking operation failure or...

5.3CVSS6.4AI score0.00115EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/10 12:0 a.m.3 views

SUSE SLED15 / SLES15 Security Update : python-filelock (SUSE-SU-2026:0082-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0082-1 advisory. - CVE-2025-68146: TOCTOU race condition may allow local attackers to corrupt or truncate arbitrary user files bsc125524...

6.5CVSS7.5AI score0.00184EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-22701

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementatio...

5.3CVSS6.1AI score0.00115EPSS
Exploits0References3
OSV
OSV
added 2026/01/09 9:12 a.m.1 views

SUSE-SU-2026:0082-1 Security update for python-filelock

This update for python-filelock fixes the following issues: - CVE-2025-68146: TOCTOU race condition may allow local attackers to corrupt or truncate arbitrary user files bsc1255244...

6.5CVSS5.9AI score0.00184EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2026/01/09 9:12 a.m.2 views

Security update for python-filelock

This update for python-filelock fixes the following issues: CVE-2025-68146: TOCTOU race condition may allow local attackers to corrupt or truncate arbitrary user files bsc1255244. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate ...

5.7CVSS6.8AI score0.00184EPSS
Exploits1References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/01/07 12:0 a.m.2 views

python311-filelock-3.20.2-1.1 on GA media (moderate)

python311-filelock-3.20.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10010-1 Rating: moderate Cross-References: CVE-2025-68146 CVSS scores: CVE-2025-68146 SUSE : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2025-68146 SUSE : 5.7...

5.7CVSS7.2AI score0.00184EPSS
Exploits1
OSV
OSV
added 2026/01/06 12:0 a.m.2 views

OPENSUSE-SU-2026:10010-1 python311-filelock-3.20.2-1.1 on GA media

These are all security issues fixed in the python311-filelock-3.20.2-1.1 package on the GA media of openSUSE Tumbleweed...

6.5CVSS5.8AI score0.00184EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.12 views

PT-2026-2251

Name of the Vulnerable Software and Affected Versions filelock versions prior to 3.20.3 Description A race condition exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a timing issue between...

5.3CVSS6.1AI score0.00115EPSS
Exploits0References47
Microsoft CVE
Microsoft CVE
added 2025/12/19 9:2 a.m.5 views

filelock has TOCTOU race condition that allows symlink attacks during lock file creation

...

6.5CVSS6.7AI score0.00184EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2025/12/18 12:26 a.m.5 views

SUSE CVE-2025-68146

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

4.7CVSS6.2AI score0.00184EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/12/17 9:27 a.m.4 views

CVE-2025-68146

A flaw was found in filelock. This vulnerability allows local attackers to corrupt or truncate arbitrary user files via a Time-of-Check-Time-of-Use TOCTOU race condition and symlink attacks. Mitigation Ensure lock file directories used by applications employing filelock have restrictive...

6.3CVSS6.2AI score0.00184EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2025/12/16 8:52 p.m.6 views

0x20bf (=0.0.1), 31 (=2.3.0) +4284 more potentially affected by CVE-2025-68146 via filelock (>=2.0.13 <=3.20.0)

filelock PYPI version =2.0.13, =0.0.3, =0.1.0, =1.0.5, =0.0.1b1, =0.2.3, =0.2.7 - ac-solver =0.1.0 - acceldata-o2a =1.0.0 and more Source cves: CVE-2025-68146 Source advisory: OSV:GHSA-W853-JP5J-5J7F...

6.5CVSS5.9AI score0.00184EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/12/16 8:52 p.m.5 views

0x20bf (=0.0.1), 31 (=2.3.0) +4281 more potentially affected by CVE-2025-68146 via filelock (>=3.0.10 <=3.20.0)

filelock PYPI version =3.0.10, =0.0.3, =0.1.0, =1.0.5, =0.0.1b1, =0.2.3, =0.2.7 - ac-solver =0.1.0 - acceldata-o2a =1.0.0 and more Source cves: CVE-2025-68146 Source advisory: SNYK:PYTHON-FILELOCK-14458335...

6.5CVSS5.9AI score0.00184EPSS
Exploits1
Snyk
Snyk
added 2025/12/16 8:52 p.m.4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition during lock file creation. An attacker can corrupt or truncate arbitrary files by exploiting a race condition between the existence check and file opening with OTRUNC, allowing the creatio...

6.5CVSS6.6AI score0.00184EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/16 8:52 p.m.3 views

EUVD-2025-203839

filelock has a TOCTOU race condition which allows symlink attacks during lock file creation...

6.3CVSS6.3AI score0.00184EPSS
Exploits1References6
Rows per page
Query Builder