17 matches found
CVE-2024-43791
A flaw was found in RequestStore, which provides per-request global storage. This flaw allows a malicious user to execute arbitrary code due to global permission issues...
GHSA-FRP2-5QFC-7R8M request_store has Incorrect Default Permissions
Impact The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of thi...
CVE-2024-43791
RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...
CVE-2024-43791
RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...
CVE-2024-43791
RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...
CVE-2024-43791 RequestStore has Incorrect Default Permissions
RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...
CVE-2024-43791 RequestStore has Incorrect Default Permissions
RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...
PT-2024-30660 · Unknown · Request Store
Name of the Vulnerable Software and Affected Versions: request store version 1.3.2 Description: The files published as part of request store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, a...
PT-2024-1854 · Rack-Cors · Rack-Cors
Name of the Vulnerable Software and Affected Versions: rack-cors aka Rack CORS Middleware version 2.0.1 Description: The issue is related to incorrectly used standard permissions in the Rack CORS Middleware, which may allow an attacker to impact the integrity, confidentiality, and availability of...
SUSE CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...
PT-2017-13468 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue is related to the permissions of the /var/passwd file, which has 0666 permissions. This could potentially...
PT-2017-13472 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue concerns the permissions of /var/run/hostapd files, which have 0666 permissions. Recommendations: For D-Li...
Code injection
ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...
CVE-2011-1784
The pidfilewrite function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the 1 keepalived.pid, 2 checkers.pid, and 3 vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...
CVE-2011-1784
The pidfilewrite function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the 1 keepalived.pid, 2 checkers.pid, and 3 vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...
Code injection
The pidfilewrite function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the 1 keepalived.pid, 2 checkers.pid, and 3 vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...
IBM DB2 Self Tuning Memory Manager (STMM) DOS Vulnerability (Linux)
The host is installed with IBM DB2 and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: secpodibmdb2stmmdosvulnlin.nasl 5055 2017-01-20 14:08:39Z teissa $ IBM DB2 Self Tuning Memory Manager STMM DOS Vulnerability Linux Authors: Antu Sanadi Updated By: Antu Sanadi on...