14 matches found
CVE-2026-5947
A flaw was found in BIND. A remote attacker could exploit a race condition during SIG0 signature validation of an incoming DNS message. If the "recursive-clients" limit is reached and the message is discarded, a use-after-free vulnerability may occur. This could lead to undefined behavior and...
CVE-2026-33574
OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to...
Medium: python3.13-filelock
Issue Overview: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows loc...
youki container escape via "masked path" abuse due to mount race conditions
Impact youki utilizes bind mounting the container's /dev/null as a file mask. When performing this operation, the initial validation of the source /dev/null was insufficient. Specifically, we initially failed to verify whether /dev/null was genuinely present. However, we did perform validation to...
CVE-2025-44002
CVE-2025-44002 affects TeamViewer Full Client and TeamViewer Host before version 15.69 on Windows. The root cause is a race condition in the directory validation logic, allowing a local non-admin user to exploit symbolic-link manipulation to create arbitrary files with SYSTEM privileges, potentia...
CVE-2025-44002 Arbitrary File Creation via Symbolic Link leading to Denial-of-Service
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during...
CVE-2025-44002 Arbitrary File Creation via Symbolic Link leading to Denial-of-Service
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during...
TeamViewer Full Client和TeamViewer Host 安全漏洞
TeamViewer Full Client and TeamViewer Host are both a remote control software from the German company TeamViewer. A security vulnerability exists in TeamViewer Full Client and TeamViewer Host versions prior to 15.69, which stems from a contention condition in the directory validation logic that...
PT-2025-34754 · Teamviewer · Teamviewer
Name of the Vulnerable Software and Affected Versions: TeamViewer versions prior to 15.69 Description: A race condition exists in the directory validation logic within the TeamViewer Full Client and Host on Windows. This allows a local, non-administrator user to create arbitrary files with SYSTEM...
PT-2022-2555 · Amazon · Amazon Aws Client Vpn
Name of the Vulnerable Software and Affected Versions: Amazon AWS VPN Client version 2.0.0 Description: An issue exists in the Amazon AWS VPN Client, allowing parameters outside of the allow list to be injected into the configuration file. This can lead to an arbitrary file write as SYSTEM with...
Information Disclosure
webkitgtk4 is vulnerable to information disclosure. The vulnerability exists through the lack of validation, causing a race condition condition that allows reading of restricted memory...
systemtap: signed module loading race condition
The insertmodule function in runtime/staprun/staprunfuncs.c in the systemtap runtime tool staprun in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module...
[SECURITY] [DSA 735-1] New sudo packages fix pathname validation race
------------------------------------------------------------------------ Debian Security Advisory 735-1 [email protected] http://www.debian.org/security/ Michael Stone July 01, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
[SECURITY] [DSA 735-1] New sudo packages fix pathname validation race
------------------------------------------------------------------------ Debian Security Advisory 735-1 [email protected] http://www.debian.org/security/ Michael Stone July 01, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...