Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2024/08/24 1:40 a.m.16 views

CVE-2024-43791

A flaw was found in RequestStore, which provides per-request global storage. This flaw allows a malicious user to execute arbitrary code due to global permission issues...

7.8CVSS7.7AI score0.00194EPSS
Exploits0References4
OSV
OSV
added 2024/08/23 6:54 p.m.11 views

GHSA-FRP2-5QFC-7R8M request_store has Incorrect Default Permissions

Impact The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of thi...

8.5CVSS7.6AI score0.00194EPSS
Exploits0References4
NVD
NVD
added 2024/08/23 3:15 p.m.29 views

CVE-2024-43791

RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...

7.8CVSS0.00194EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/08/23 3:15 p.m.15 views

CVE-2024-43791

RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...

7.8CVSS7.1AI score0.00194EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/08/23 2:39 p.m.12 views

CVE-2024-43791

RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...

7.8CVSS7.9AI score0.00194EPSS
Exploits0
Cvelist
Cvelist
added 2024/08/23 2:39 p.m.33 views

CVE-2024-43791 RequestStore has Incorrect Default Permissions

RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...

7.8CVSS0.00194EPSS
Exploits0References1
OSV
OSV
added 2024/08/23 2:39 p.m.22 views

CVE-2024-43791 RequestStore has Incorrect Default Permissions

RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...

7.8CVSS7.5AI score0.00194EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/23 12:0 a.m.4 views

PT-2024-30660 · Unknown · Request Store

Name of the Vulnerable Software and Affected Versions: request store version 1.3.2 Description: The files published as part of request store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, a...

7.8CVSS7.3AI score0.00194EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.5 views

PT-2024-1854 · Rack-Cors · Rack-Cors

Name of the Vulnerable Software and Affected Versions: rack-cors aka Rack CORS Middleware version 2.0.1 Description: The issue is related to incorrectly used standard permissions in the Rack CORS Middleware, which may allow an attacker to impact the integrity, confidentiality, and availability of...

9.1CVSS6.8AI score0.00771EPSS
Exploits1References13
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.4 views

SUSE CVE-2020-7063

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...

5.3CVSS9.3AI score0.01599EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2017/09/13 12:0 a.m.6 views

PT-2017-13468 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue is related to the permissions of the /var/passwd file, which has 0666 permissions. This could potentially...

7.8CVSS7.4AI score0.0034EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2017/09/13 12:0 a.m.6 views

PT-2017-13472 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue concerns the permissions of /var/run/hostapd files, which have 0666 permissions. Recommendations: For D-Li...

7.8CVSS7.5AI score0.0034EPSS
Exploits1References2
Prion
Prion
added 2011/12/15 3:57 a.m.21 views

Code injection

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

3.6CVSS6.6AI score0.00434EPSS
Exploits0References15Affected Software1
NVD
NVD
added 2011/05/20 10:55 p.m.15 views

CVE-2011-1784

The pidfilewrite function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the 1 keepalived.pid, 2 checkers.pid, and 3 vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...

3.6CVSS6.1AI score0.00367EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2011/05/20 10:55 p.m.21 views

CVE-2011-1784

The pidfilewrite function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the 1 keepalived.pid, 2 checkers.pid, and 3 vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...

3.6CVSS5.9AI score0.00367EPSS
Exploits0References2
Prion
Prion
added 2011/05/20 10:55 p.m.12 views

Code injection

The pidfilewrite function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the 1 keepalived.pid, 2 checkers.pid, and 3 vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...

3.6CVSS6.5AI score0.00367EPSS
Exploits0References11Affected Software1
OpenVAS
OpenVAS
added 2009/12/23 12:0 a.m.28 views

IBM DB2 Self Tuning Memory Manager (STMM) DOS Vulnerability (Linux)

The host is installed with IBM DB2 and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: secpodibmdb2stmmdosvulnlin.nasl 5055 2017-01-20 14:08:39Z teissa $ IBM DB2 Self Tuning Memory Manager STMM DOS Vulnerability Linux Authors: Antu Sanadi Updated By: Antu Sanadi on...

6.5CVSS0.4AI score0.01567EPSS
Exploits0References3
Rows per page
Query Builder