Red Hat Web Terminal 安全漏洞

Red Hat Web Terminal is a browser-based terminal tool developed by the American company Red Hat. There is a security vulnerability in Red Hat Web Terminal, which stems from the fact that the /etc/passwd file was set with writeable group permissions during the build process. This vulnerability cou...

Red Hat Openshift Data Foundation 安全漏洞

Red Hat Openshift Data Foundation is a software-defined storage platform developed by Red Hat Inc. There is a security vulnerability in Red Hat Openshift Data Foundation 4. This vulnerability stems from the /etc/passwd file, which was created during construction and has write permissions for...

CVE-2025-58712

A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...

EUVD-2000-0743

Malware in sbrugna...

CVE-2025-37827

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: return EIO on RAID1 block group write pointer mismatch There was a bug report about a NULL pointer dereference in btrfsaddfreespacezoned that ultimately happens because a conversion from the default metadata profile...

CVE-2024-29735

Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix grou...

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security bypass vulnerability exists in Apache Airflow versions 2.8.2 through 2.8...

SUSE CVE-2022-31252

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the...

CVE-2022-31252

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the...

tomcat: tomcat writable config files allow privilege escalation

It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...

DSA-422 cvs - remote vulnerability

Bulletin has no description...

[Full-Disclosure] RealOne Player local privilege escalation

Greetings, RealOne Player for the UNIX platform, sometimes referred to as the "community supported" realplayer version 9, installs per-user configuration files with group write permissions by default. On most UNIX variants, this is a serious issue as most users belong to the same group and...

CVE-2000-0748

OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse...

Проблемы с OpenLDAP

исполняемые файлы устанавливаются с разрешениями позволяющие запись для группы...