20 matches found
CVE-2026-6842
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...
CVE-2026-29127
The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation dependin...
PT-2025-38260
Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description Dragonfly2 uses the os.MkdirAll function to create directory paths with specific access permissions. This function does not perform permission checks if a directory path already exists, allowing a...
SUSE CVE-2009-3897
Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the basedir directory, and possibly the basedir directory...
GHSA-2VP2-8M5J-4RJX cnlh nps vulnerable to file overwrite by local user
lib/install/install.go in cnlh nps prior to 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user...
CVE-2021-27142
An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions...
CVE-2021-27142
An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions...
Hardcoded credentials
An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions...
CVE-2019-17383
The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem...
DEBIAN-CVE-2016-10120
Firejail uses 0777 permissions when mounting 1 /dev, 2 /dev/shm, 3 /var/tmp, or 4 /var/lock, which allows local users to gain privileges...
UBUNTU-CVE-2016-10120
Firejail uses 0777 permissions when mounting 1 /dev, 2 /dev/shm, 3 /var/tmp, or 4 /var/lock, which allows local users to gain privileges...
Code injection
Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges...
CVE-2016-10119
Firejail is affected by CVE-2016-10119: the vulnerability arises from Firejail mounting /tmp with 0777 permissions, enabling local privilege escalation. Affected component: Firejail; root cause: incorrect permissions on /tmp during mount. Impact: local users could gain privileges (as described). ...
CVE-2016-10120
Firejail uses 0777 permissions when mounting 1 /dev, 2 /dev/shm, 3 /var/tmp, or 4 /var/lock, which allows local users to gain privileges...
CVE-2016-10119
Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges...
UBUNTU-CVE-2013-1813
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors...
CVE-2013-1813
CVE-2013-1813 affects BusyBox where util-linux/mdev.c creates intermediate /dev/ directories with 0777 permissions when nesting (/dev/dir1/dir2/...), allowing local users to exploit the improper permission handling. The linked Nessus/OpenVAS entries (e.g., MiracleLinux AXSA advisory referencing B...
busybox: insecure directory permissions in /dev
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors...
Server: insecure pid file directory permissions
The setup scripts in 389 Directory Server 1.2.x aka Red Hat Directory Server 8.2.x, when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service daemon outage or arbitrary process termination by...
PT-2009-6119 · Dovecot · Dovecot
Name of the Vulnerable Software and Affected Versions: Dovecot versions 1.2.x through 1.2.7 Description: The issue allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base dir directory, and possibly the base dir directory...