11 matches found
Open OnDemand Security Vulnerability
Open OnDemand is an open source implementation of Open Interactive HPC over the Web from Ohio Supercomputer Center. A security vulnerability exists in Open OnDemand versions prior to 4.0.8 and prior to 3.1.16, which stems from the presence of a globally writable location in GEMPATH...
LlamaIndex Security Vulnerability
LlamaIndex is a data framework for LLM applications from the LlamaIndex open source project. A security vulnerability exists in LlamaIndex version 0.12.33, which stems from the NLTK data directory being set by default to a codebase subdirectory that is globally writable, which could result in a denial of...
Ensure That the Sticky Bit Is Set for Globally Writable Directories
The kernel ignores the sticky bit on a regular file. On a directory, the sticky bit shows up in place of the execute permission flag and is indicated with t. If the sticky bit is set for a directory, a user who is not root or the directory owner cannot delete files or directories in the directory,...
Do Not Allow Globally Writable Files
Globally writable files can be written by any user in the system, which is generally not needed. If a file is improperly set to globally writable, the file can be easily tampered with by attackers, causing security risks. Therefore, if a file is required to be globally writable, the actual scenar...
gitoxide Security Vulnerability
gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide versions prior to 0.17.0, which stems from the fact that files in the repository are globally writable under certain circumstances...
Nix Security Vulnerability
Nix is a powerful package manager from the Nix open source project. It is used for making packages. Nix has a security vulnerability that stems from built-in builders on macOS that are not executed in the macOS sandbox, resulting in these builders being able to access globally readable paths and globally...
Axigen Security Vulnerability
Axigen is a mail server with groupware and collaboration features from Axigen, Inc. A security vulnerability exists in Axigen version 10.5.18 and earlier that originates from a vulnerability that allows a local, low-privilege attacker to execute arbitrary code and elevate privileges by loading an...
VMware Spring Security Security Vulnerability
VMware Spring Security is a set of security frameworks from VMware that provide illustrative security for Spring-based applications. A security vulnerability exists in Spring Security versions 6.1.1 through 6.1.3, 6.0.4 through 6.0.6, 5.8.4 through 5.8.6, and 5.7.9 through 5.7.10, which stems fro...
Octokit Security Vulnerability
Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit versions 4.23.0 and 4.24.0, which stems from a problem with the permissions settings of files contained in the gem, and can be used by an attacker to modify globally writable files in this gem...
Unspecified Vulnerability in GNU Guix
GNU Guix is an open source, cross-platform package manager from the GNU Project. A security vulnerability in GNU Guix version 1.0.1, which stems from the parent directory of the user profile directory being globally writable, can be exploited by a local attacker to gain access to arbitrary users...
IBM SPSS Statistics Elevation of Privilege Vulnerability
IBM SPSS Statistics is a suite of statistical analysis software from IBM USA that helps organizations address the entire analytical process from planning and data collection to analysis, reporting and deployment. A security vulnerability exists in IBM SPSS Statistics versions 22.0.0.2 and 23.0.0....