54 matches found
PT-2020-6975 · Audacity +5 · Audacity +5
Name of the Vulnerable Software and Affected Versions: Audacity versions 2.3.3 and earlier Description: The issue is related to the default permission settings in Audacity. When Audacity creates temporary files, it saves them to /var/tmp/audacity-$USER and sets the permissions to 755. This allows...
ansible: insecure temporary directory when running become_user from become directive
A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p "; this operation does not fail if...
ALPINE-CVE-2020-1733
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...
CVE-2020-1733
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...
CVE-2020-1733
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...
PT-2020-6579
Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.17 and prior Ansible Engine versions 2.8.9 and prior Ansible Engine versions 2.9.6 and prior Description The issue is related to a race condition flaw in Ansible Engine when running a playbook with an unprivileged...
Linux: Separate partition for /var/tmp
The /var/tmp directory is a world-writable directory used for temporary storage. This script tests if a separate partition exists for /var/tmp. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify i...
Security update for systemd (important)
openSUSE Security Update: Security update for systemd Announcement ID: openSUSE-SU-2019:0098-1 Rating: important References: 1005023 1045723 1076696 1080919 1093753 1101591 1111498 1114933 1117063 1119971 1120323 Cross-References: CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 CVE-2018-6954 Affecte...
Linux: Check options for /var/tmp directory
The /var/tmp directory is a world-writable directory used for temporary storage. This script tests options set on /var/tmp filesystem. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under t...
sos-collector: incorrect permissions set on newly created files
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the...
CVE-2018-14650
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the...
CVE-2018-14650
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the...
CVE-2015-3171
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...
PYSEC-2017-72
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...
CVE-2015-3171
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...
CVE-2015-3171
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...
UBUNTU-CVE-2016-10120
Firejail uses 0777 permissions when mounting 1 /dev, 2 /dev/shm, 3 /var/tmp, or 4 /var/lock, which allows local users to gain privileges...
CVE-2015-5273
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool ABRT before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp...
PT-2015-6825 · Red Hat +1 · Abrt +2
Name of the Vulnerable Software and Affected Versions: ABRT versions prior to 2.7.1 Description: The issue allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. This is related to the...
Design/Logic Flaw
The rltropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.PID file...