CVE-2019-25747

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrar...

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ was used. The FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created during file uploads. It was also not applied to intermediate-level static...

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ was used. The intermediate-level directories of the filesystem cache had the system’s standard umask instead of 0o077...

CVE-2021-47898

Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMPUDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access...

EUVD-2020-0069

Malware in sbrugna...

SUSE CVE-2018-16588

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 SLE-12 and through 4.5-5.39 for SUSE Linux Enterprise 15 SLE-15. Non-existing intermediate directories are created with mode 0777 durin...

SUSE CVE-2020-24583

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level...

rpm 后置链接漏洞

rpm is a powerful command-line driven package management tool used to install, uninstall, verify, query, and update packages on Linux systems. A security vulnerability exists in rpm that stems from not performing unsafe symbolic link checks on intermediate directories. An attacker exploiting this...

GHSA-M6GJ-H9GM-GW44 Django Incorrect Default Permissions

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level...

ALPINE-CVE-2020-24584

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077...

ALPINE-CVE-2020-24583

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level...

DEBIAN-CVE-2020-24584

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077...

DEBIAN-CVE-2020-24583

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level...

PYSEC-2020-33

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level...

UBUNTU-CVE-2020-24583

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level...

CVE-2020-24583

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level...

Security update for shadow (moderate)

This update for shadow fixes the following security issue: - CVE-2018-16588: Prevent useradd from creating intermediate directories with mode 0777 bsc1106914 This update was imported from the SUSE:SLE-15:Update update project...