4199 matches found
CVE-2026-21765
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...
CVE-2026-21765
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...
CVE-2026-21765 HCL BigFix Platform is affected by insecure permissions on private cryptographic keys
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...
CVE-2026-21765
CVE-2026-21765 concerns the HCL BigFix Platform, where private cryptographic keys on Windows hosts may have overly permissive file system permissions. The root cause stated is insecure permissions on private keys, potentially exposing confidentiality, integrity, and availability (all scored high)...
GHSA-Q5F5-3GJM-7MFM Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool
The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...
PT-2026-29651
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...
CVE-2026-34450 Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool
The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...
CVE-2021-27700
SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc...
Security update for kea
This update for kea fixes the following issues: Update to release 2.6.3 bsc1243240: CVE-2025-32801: Fixed loading a malicious hook library can lead to local privilege escalation. CVE-2025-32802: Fixed insecure handling of file paths allows multiple local attacks. CVE-2025-32803: Fixed insecure fi...
CVE-2026-33430 Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...
CVE-2026-33430 Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...
CVE-2026-4822 Enter Software Iperius Backup Backup Service temp file
A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only...
Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
Impact If a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, the installation process creates an directory that inherits all the permissions of the parent directory. Depending on the location chosen by...
EUVD-2019-19884
Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...
CVE-2019-25568
Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...
CVE-2019-25568
Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...
CVE-2026-32810 Halloy has insecure file permissions on credential files
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
CVE-2026-32810
Halloy is an IRC app written in Rust. Before commit f180e41061db393acf65bc99f5c5e7397586d9cb, Halloy creates its config directory and files with default umask permissions (typically 0644 files, 0755 dirs), allowing any local user to read plaintext credentials in config.toml or referenced password...
EUVD-2026-13865
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
Insecure Temporary File
Overview @capgo/cli is an A CLI to upload to capgo servers Affected versions of this package are vulnerable to Insecure Temporary File via unsafe file operations that follow symlinks and do not enforce secure permissions. An attacker can overwrite arbitrary files or expose sensitive credential...