Lucene search
K

131 matches found

NVD
NVD
added 2025/12/16 7:15 p.m.4 views

CVE-2025-68146

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.5CVSS0.00184EPSS
Exploits1References4
OSV
OSV
added 2025/12/16 7:15 p.m.6 views

AZL-72739 CVE-2025-68146 affecting package python-filelock for versions less than 3.20.1-1

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.5CVSS5.9AI score0.00184EPSS
Exploits1References1
OSV
OSV
added 2025/12/16 7:15 p.m.6 views

AZL-79232 CVE-2025-68146 affecting package python-filelock 3.0.12-13

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.5CVSS7.5AI score0.00184EPSS
Exploits1References1
OSV
OSV
added 2025/12/16 7:15 p.m.3 views

UBUNTU-CVE-2025-68146

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.5CVSS7.4AI score0.00184EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2025/12/16 7:15 p.m.5 views

CVE-2025-68146

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.5CVSS7.3AI score0.00184EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/16 6:10 p.m.1 views

CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.3CVSS5.8AI score0.00184EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/16 6:10 p.m.27 views

CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.3CVSS0.00184EPSS
Exploits1References4
CVE
CVE
added 2025/12/16 6:10 p.m.51 views

CVE-2025-68146

CVE-2025-68146 affects the Python filelock package. A TOCTOU race in lock file creation allows local attackers with filesystem access to exploit symlinks and truncate target files. The vulnerability exists in UnixFileLock and WindowsFileLock for versions before 3.20.1; an attacker can create a sy...

6.5CVSS5.8AI score0.00184EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/12/16 6:10 p.m.3 views

CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.3CVSS6.1AI score0.00184EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2025/12/16 6:10 p.m.2 views

CVE-2025-68146

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.5CVSS5.7AI score0.00184EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/12/16 6:10 p.m.0 views

CVE-2025-68146

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.5CVSS6.1AI score0.00184EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.1 views

PT-2025-51773

Name of the Vulnerable Software and Affected Versions filelock versions prior to 3.20.1 Description filelock is a platform-independent file lock for Python. A Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks...

6.5CVSS6AI score0.00184EPSS
Exploits1References50
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.5 views

filelock 安全漏洞

filelock is a Python file locker open-sourced by the tox development team. A security vulnerability exists in filelock versions prior to 3.20.1, which stems from the presence of a TOCTOU contention condition that could lead to arbitrary file corruption or truncation...

6.5CVSS6.5AI score0.00184EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/12/16 12:0 a.m.0 views

Linux Distros Unpatched Vulnerability : CVE-2025-68146

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check- Time-of-Use TOCTOU race condition allows local attackers...

6.5CVSS5.9AI score0.00184EPSS
Exploits1References3
Circl
Circl
added 2025/12/15 11:55 p.m.7 views

CVE-2025-68146

creationtimestamp| type| source ---|---|--- 2025-12-15 23:55:35+00:00| published-proof-of-concept| https://github.com/tox-dev/filelock/security/advisories/GHSA-w853-jp5j-5j7f...

6.5CVSS5.8AI score0.00184EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.2 views

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-41020)

filelock: race condition vulnerability between fcntl and close operations, which can lead to issues in the recovery compatibility path. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

4.7CVSS6.7AI score0.00183EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/06 12:0 a.m.3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990505)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990505 advisory. In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 filelock:...

4.7CVSS6.2AI score0.00183EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.7 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990295)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990295 advisory. In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 filelock:...

4.7CVSS6.2AI score0.00183EPSS
Exploits0References4
Amazon
Amazon
added 2025/03/06 12:0 a.m.6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. CVE-2024-36484 In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset CVE-2024-39487 In the...

7.8CVSS6.4AI score0.00302EPSS
Exploits0
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.7 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: filelock: Removes locks reliably when a race between fcntl/close operations is detected. When the fcntlsetlk operation races with the close operation, the created lock is removed using dolockfilewait. However, LSMs may allow t...

6.3CVSS6.5AI score0.00221EPSS
Exploits0References3
Rows per page
Query Builder