Lucene search
+L

54 matches found

Positive Technologies
Positive Technologies
added 2020/05/31 12:0 a.m.22 views

PT-2020-6975 · Audacity +5 · Audacity +5

Name of the Vulnerable Software and Affected Versions: Audacity versions 2.3.3 and earlier Description: The issue is related to the default permission settings in Audacity. When Audacity creates temporary files, it saves them to /var/tmp/audacity-$USER and sets the permissions to 755. This allows...

7.8CVSS7.5AI score0.02136EPSS
Exploits0References34
RedHat Linux
RedHat Linux
added 2020/04/22 2:10 p.m.10 views

ansible: insecure temporary directory when running become_user from become directive

A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p "; this operation does not fail if...

5CVSS7.1AI score0.004EPSS
Exploits1References4
OSV
OSV
added 2020/03/11 7:15 p.m.3 views

ALPINE-CVE-2020-1733

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

5CVSS6.7AI score0.004EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2020/03/11 7:15 p.m.31 views

CVE-2020-1733

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

5CVSS6.7AI score0.004EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2020/03/11 6:47 p.m.26 views

CVE-2020-1733

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

5CVSS6.7AI score0.004EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2020/03/11 12:0 a.m.10 views

PT-2020-6579

Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.17 and prior Ansible Engine versions 2.8.9 and prior Ansible Engine versions 2.9.6 and prior Description The issue is related to a race condition flaw in Ansible Engine when running a playbook with an unprivileged...

5CVSS7.6AI score0.004EPSS
Exploits1References199
OpenVAS
OpenVAS
added 2020/01/10 12:0 a.m.9 views

Linux: Separate partition for /var/tmp

The /var/tmp directory is a world-writable directory used for temporary storage. This script tests if a separate partition exists for /var/tmp. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify i...

7.3AI score
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2019/01/29 12:0 a.m.115 views

Security update for systemd (important)

openSUSE Security Update: Security update for systemd Announcement ID: openSUSE-SU-2019:0098-1 Rating: important References: 1005023 1045723 1076696 1080919 1093753 1101591 1111498 1114933 1117063 1119971 1120323 Cross-References: CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 CVE-2018-6954 Affecte...

7.8CVSS6.9AI score0.02958EPSS
Exploits5References11
OpenVAS
OpenVAS
added 2019/01/09 12:0 a.m.8 views

Linux: Check options for /var/tmp directory

The /var/tmp directory is a world-writable directory used for temporary storage. This script tests options set on /var/tmp filesystem. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under t...

7.3AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/11/27 1:39 a.m.8 views

sos-collector: incorrect permissions set on newly created files

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the...

5.9CVSS5.8AI score0.00429EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2018/09/27 8:29 p.m.22 views

CVE-2018-14650

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the...

5.9CVSS6.1AI score0.00429EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2018/09/27 1:49 p.m.16 views

CVE-2018-14650

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the...

5.9CVSS1AI score0.00429EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2017/07/25 6:29 p.m.18 views

CVE-2015-3171

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...

5.5CVSS6.1AI score0.00342EPSS
Exploits0References1
PyPA
PyPA
added 2017/07/25 6:29 p.m.6 views

PYSEC-2017-72

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...

5.5CVSS6.2AI score0.00342EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/07/25 6:0 p.m.24 views

CVE-2015-3171

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...

5.1AI score0.00342EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2017/07/25 6:0 p.m.45 views

CVE-2015-3171

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...

5.5CVSS5.1AI score0.00342EPSS
Exploits0
OSV
OSV
added 2017/04/13 2:59 p.m.4 views

UBUNTU-CVE-2016-10120

Firejail uses 0777 permissions when mounting 1 /dev, 2 /dev/shm, 3 /var/tmp, or 4 /var/lock, which allows local users to gain privileges...

7.8CVSS7.1AI score0.00394EPSS
Exploits0References4
Cvelist
Cvelist
added 2015/12/07 6:0 p.m.26 views

CVE-2015-5273

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool ABRT before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp...

6AI score0.00901EPSS
Exploits5References7
Positive Technologies
Positive Technologies
added 2015/11/23 12:0 a.m.5 views

PT-2015-6825 · Red Hat +1 · Abrt +2

Name of the Vulnerable Software and Affected Versions: ABRT versions prior to 2.7.1 Description: The issue allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. This is related to the...

6.9CVSS5.9AI score0.03268EPSS
Exploits18References28
Prion
Prion
added 2014/08/20 2:55 p.m.16 views

Design/Logic Flaw

The rltropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.PID file...

3.3CVSS6.5AI score0.00432EPSS
Exploits0References9Affected Software4
Rows per page
Query Builder