
19 matches found

CNNVD
added 2026/04/28 12:0 a.m. · 9 views

GNU nano security vulnerability

GNU nano is a lightweight terminal text editor from the GNU community in the United States. Versions of GNU nano prior to 9.0 contained security vulnerabilities. These vulnerabilities stemmed from overly permissive permissions when creating the user’s /.local directory. This could allow local...

5.8 AI score
Exploits 0 · References 1

Vulnrichment
added 2026/04/01 11:36 p.m. · 3 views

CVE-2026-21765 HCL BigFix Platform is affected by insecure permissions on private cryptographic keys

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

8.8 CVSS · 5.9 AI score · 0.00101 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/03/05 2:36 a.m. · 7 views

CVE-2026-29127

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation dependin...

9.2 CVSS · 6 AI score · 0.00169 EPSS
Exploits 1 · References 2

CVE
added 2026/03/05 2:36 a.m. · 8 views

CVE-2026-29127

CVE-2026-29127 affects the IDC SFX2100 Satellite Receiver, where the monitor user’s home directory is configured with overly permissive permissions (0777). This enables local privilege escalation because highly privileged processes and binaries in that directory could be exploited by any loca...

9.2 CVSS · 6 AI score · 0.00169 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2025/12/10 6:23 p.m. · 12 views

CVE-2025-34428

MailEnable

8.4 CVSS · 5.9 AI score · 0.00101 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2025/11/07 5:20 a.m. · 8 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS · 0.00107 EPSS
Exploits 0 · References 3

Vulnrichment
added 2025/11/07 5:20 a.m. · 7 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS · 6 AI score · 0.00107 EPSS
Exploits 0 · References 3

OSV
added 2025/10/30 10:15 p.m. · 3 views

CVE-2021-47700

Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local or co-hosted processes could read/overwrite export artifacts or manipulate paths, risking disclosure or tampering and potential code...

7.8 CVSS · 6.2 AI score · 0.0032 EPSS
Exploits 0 · References 2

Cvelist
added 2025/10/30 9:39 p.m. · 5 views

CVE-2025-34135 Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by...

5.1 CVSS · 0.00325 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/10/23 12:17 a.m. · 6 views

CVE-2025-61035

seffaflik through 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik and .seffaflik files, which are created with modes 0777 and 0775 respectively, exposing secrets to other local users. Additionally, the .kimlik file is written without symlink...

7.7 CVSS · 6.3 AI score · 0.00135 EPSS
Exploits 0 · References 1

Snyk
added 2025/10/22 2:47 p.m. · 4 views

Incorrect Permission Assignment for Critical Resource

Overview: seffaflik is a Python library designed to retrieve the data published by EPİAŞ on the Transparency Platform. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the creation of .kimlik and .seffaflik files with...

8.5 CVSS · 7 AI score · 0.00135 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-12701

Malware in sbrugna...

7.8 CVSS · 7.7 AI score · 0.00303 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-29572

Malicious code in bioql PyPI...

5.7 CVSS · 6.6 AI score · 0.0012 EPSS
Exploits 0 · References 3

NVD
added 2025/09/19 7:15 p.m. · 4 views

CVE-2025-34206

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application VA and SaaS deployments mount host configuration and secret material under /var/www/efsstorage into many Docker containers with overly permissive filesystem permissions. Files such as secrets.env, GPG-encrypted blobs in...

9.8 CVSS · 0.00475 EPSS
Exploits 1 · References 4

CNNVD
added 2025/09/16 12:0 a.m. · 3 views

BMC Control-M security vulnerability

BMC Control-M is an application from BMC, Inc. that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20 and prior unsupported versions, which stems from an overly generous file permission settin...

5.7 CVSS · 6.4 AI score · 0.0012 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/01/28 12:0 a.m. · 3 views

PT-2025-5371 · Rockwell Automation · Factorytalk® View Site Edition

Name of the Vulnerable Software and Affected Versions: Product and version affected versions not specified
Description: A Local Code Injection issue exists due to incorrect default permissions, allowing for the execution of DLLs with higher-level permissions.
Recommendations: At the moment, there...

7 CVSS · 7.5 AI score · 0.00247 EPSS
Exploits 0 · References 4

NVD
added 2024/03/16 12:15 a.m. · 10 views

CVE-2024-28862

The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...

5.5 CVSS · 5.3 AI score · 0.00176 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/07/27 12:0 a.m. · 7 views

PT-2023-14293 · Arm · Arm Compiler 5 (Ac5) +11

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified
Description: The issue arises when the installation directory lacks sufficiently restrictive file permissions, allowing an attacker to modify files and execute malicious code.
Recommendations: At the...

7.8 CVSS · 6.7 AI score · 0.00173 EPSS
Exploits 0 · References 7

SUSE CVE
added 2023/02/15 4:4 a.m. · 1 views

SUSE CVE-2020-1736

A flaw was found in Ansible Engine when a file is moved using the atomic_move primitive, as the file mode cannot be specified. This sets the destination file world-readable if the destination file does not exist; if the file exists, it could be changed to have less restrictive permissions...

2.2 CVSS · 8.9 AI score · 0.00401 EPSS
Exploits 1 · References 6