Lucene search
K

19 matches found

Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.4 views

CVE-2026-35357 uutils coreutils cp Information Disclosure via Permission Handling Race

The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions e.g., 0644 before being restricted to their final mode e.g., 0600 later in the process. A local attacker can race to open the file...

4.7CVSS5.7AI score0.00091EPSS
Exploits1References1
CVE
CVE
added 2026/04/22 4:8 p.m.27 views

CVE-2026-35357

The CVE-2026-35357 entry concerns the cp utility in the uutils coreutils project. The vulnerability is an information-disclosure race where destination files are created with umask-derived permissions (e.g., 0644) and later tightened to the final mode (e.g., 0600). A local attacker can race to op...

4.7CVSS5.7AI score0.00091EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils. This vulnerability stems from the mkdir utility incorrectly applying permissions when using the -m flag. It first uses umask to derive directory permissions a...

3.3CVSS5.8AI score0.00102EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : firefox-115.13.0-3.0.1.el7.AXS7 (AXSA:2024-8625:26)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8625:26 advisory. Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 CVE-2024-6604 Mozilla: Race condition in permission...

7.5CVSS5.7AI score0.0054EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.2 views

MiracleLinux 8 : firefox-115.13.0-3.el8_10.ML.1 (AXSA:2024-8566:25)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8566:25 advisory. Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 CVE-2024-6604 Mozilla: Race condition in permission...

7.5CVSS5.7AI score0.0054EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/13 6:44 p.m.11 views

filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

Vulnerability Summary Title: Time-of-Check-Time-of-Use TOCTOU Symlink Vulnerability in SoftFileLock Affected Component: filelock package - SoftFileLock class File: src/filelock/soft.py lines 17-27 CWE: CWE-362, CWE-367, CWE-59 --- Description A TOCTOU race condition vulnerability exists in the...

5.3CVSS6.8AI score0.00115EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2026/01/13 12:24 a.m.7 views

SUSE CVE-2026-22701

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3CVSS6.4AI score0.00115EPSS
Exploits0References6
OSV
OSV
added 2026/01/10 6:15 a.m.11 views

AZL-74234 CVE-2026-22701 affecting package python-filelock for versions less than 3.20.3-1

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3CVSS5.7AI score0.00115EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990131)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990131 advisory. In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via...

8.4CVSS6.6AI score0.00242EPSS
Exploits1References3
OSV
OSV
added 2024/08/21 1:15 a.m.6 views

DEBIAN-CVE-2024-43882

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

7CVSS6.2AI score0.00242EPSS
Exploits1References1
OSV
OSV
added 2024/08/21 1:15 a.m.16 views

UBUNTU-CVE-2024-43882

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

8.4CVSS6.5AI score0.00242EPSS
Exploits1References30
Amazon
Amazon
added 2024/02/19 12:0 a.m.5 views

Important: redis6

Issue Overview: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. CVE-2023-41056...

8.1CVSS6.8AI score0.02582EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.42 views

FreeBSD : unzip -- permission race vulnerability (9750cf22-216d-11da-bc01-000e0c2e438a)

Imran Ghory reports a vulnerability within unzip. The vulnerability is caused by a race condition between extracting an archive and changing the permissions of the extracted files. This would give an attacker enough time to remove a file and hardlink it to another file owned by the user running...

1.2CVSS7.5AI score0.00399EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2005/08/02 12:0 a.m.26 views

unzip -- permission race vulnerability

Imran Ghory reports a vulnerability within unzip. The vulnerability is caused by a race condition between extracting an archive and changing the permissions of the extracted files. This would give an attacker enough time to remove a file and hardlink it to another file owned by the user running...

1.2CVSS9.1AI score0.00399EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.29 views

FreeBSD : bzip2 -- denial of service and permission race vulnerabilities (197f444f-e8ef-11d9-b875-0001020eed82)

Problem Description Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when creating a new file, bzip2 closes the file before setting its permissions. Impac...

5CVSS5.3AI score0.06152EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.36 views

FreeBSD : gzip -- directory traversal and permission race vulnerabilities (63bd4bad-dffe-11d9-b875-0001020eed82)

Problem Description Two problems related to extraction of files exist in gzip : The first problem is that gzip does not properly sanitize filenames containing '/' when uncompressing files using the -N command line option. The second problem is that gzip does not set permissions on newly extracted...

5CVSS5.6AI score0.03584EPSS
Exploits0References5
FreeBSD Advisory
FreeBSD Advisory
added 2005/06/29 12:0 a.m.19 views

FreeBSD-SA-05:14.bzip2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:14.bzip2 Security Advisory The FreeBSD Project Topic: bzip2 denial of service and permission race vulnerabilities Category: contrib Module: contribbzip2...

5.8AI score
Exploits0
FreeBSD Advisory
FreeBSD Advisory
added 2005/06/09 12:0 a.m.16 views

FreeBSD-SA-05:11.gzip

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:11.gzip Security Advisory The FreeBSD Project Topic: gzip directory traversal and permission race vulnerabilities Category: contrib Module: gzip Announced:...

5.9AI score
Exploits0
FreeBSD
FreeBSD
added 2005/03/30 12:0 a.m.34 views

bzip2 -- denial of service and permission race vulnerabilities

Problem Description Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when creating a new file, bzip2 closes the file before setting its permissions. Impac...

6.3AI score
Exploits0References1
Rows per page
Query Builder