58 matches found

SUSE CVE
added 2026/05/21 2:46 a.m. · 9 views

SUSE CVE-2024-4030

On Windows a directory returned by tempfile.mkdtemp would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

4.4 CVSS · 6.8 AI score · 0.003 EPSS
Exploits 0 · References 9

OSV
added 2026/05/11 9:31 p.m. · 4 views

GHSA-QP7V-GJGG-4MJ6 @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json...

6.9 CVSS · 5.8 AI score · 0.00098 EPSS
Exploits 0 · References 6

Github Security Blog
added 2026/02/27 3:50 p.m. · 5 views

AWS CLI: cli_history database does not restrict file permissions on Unix systems

Summary: AWS CLI is a command line tool for interacting with AWS services. When the cli_history feature is enabled, the history database file is created with default permissions, potentially allowing other local users on a multi-user system to read the file. Impact: When cli_history is enabled, AWS C...

6 AI score
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2025/11/20 4:53 p.m. · 8 views

CVE-2025-62724 Open OnDemand allowlist bypass using symlinks in directory downloads (TOCTOU)

Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" TOCTOU attack when downloading zip files to access files outside of the OODALLOWLIST. This vulnerability impacts sites that use the file browser allowlists in all curre...

4.3 CVSS · 0.00182 EPSS
Exploits 0 · References 1

EUVD
added 2025/11/20 4:53 p.m. · 2 views

EUVD-2025-198294

Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" TOCTOU attack when downloading zip files to access files outside of the OODALLOWLIST. This vulnerability impacts sites that use the file browser allowlists in all curre...

4.3 CVSS · 6.4 AI score · 0.00182 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-1376

Malware in sbrugna...

4.4 CVSS · 4.6 AI score · 0.00341 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2005-1776

Malware in sbrugna...

2.1 CVSS · 6.2 AI score · 0.00379 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2021-0611

Malware in sbrugna...

3.3 CVSS · 6.4 AI score · 0.00964 EPSS
Exploits 1 · References 96

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-1457

Malware in sbrugna...

6.8 CVSS · 6.1 AI score · 0.01608 EPSS
Exploits 2 · References 19

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-2176

Malicious code in bioql PyPI...

6.3 CVSS · 5.8 AI score · 0.0027 EPSS
Exploits 0 · References 16

RedhatCVE
added 2025/05/23 7:38 a.m. · 5 views

CVE-2024-4030

On Windows a directory returned by tempfile.mkdtemp would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

7.1 CVSS · 6.6 AI score · 0.003 EPSS
Exploits 0

RedhatCVE
added 2025/05/23 5:8 a.m. · 13 views

CVE-2023-50974

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

5.5 CVSS · 6.5 AI score · 0.00293 EPSS
Exploits 1

Tenable Nessus
added 2024/06/03 12:0 a.m. · 7 views

RHEL 6 : samba (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cifs-utils: stack-based buffer overflow flaw in pamcifscreds CVE-2014-2830 - samba: Server heap-memory...

7.5 CVSS · 6.6 AI score · 0.21408 EPSS
Exploits 1 · References 3

Positive Technologies
added 2024/05/16 12:0 a.m. · 3 views

PT-2024-12824 · Intel +1 · Libva +1

Name of the Vulnerable Software and Affected Versions: Libva versions prior to 2.20.0 Description: The issue is related to an uncontrolled search path in some Libva software, which may allow an authenticated user to potentially enable escalation of privilege via local access. This is caused by a...

6.7 CVSS · 6.4 AI score · 0.00243 EPSS
Exploits 0 · References 41

Cvelist
added 2024/05/07 9:2 p.m. · 25 views

CVE-2024-4030 tempfile.mkdtemp() may be readable and writeable by all users on Windows

On Windows a directory returned by tempfile.mkdtemp would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

6.6 AI score · 0.003 EPSS
Exploits 0 · References 15

OSV
added 2024/05/07 9:2 p.m. · 22 views

PSF-2024-3

On Windows a directory returned by tempfile.mkdtemp would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

7.1 CVSS · 7.1 AI score · 0.003 EPSS
Exploits 0 · References 15

CNNVD
added 2024/05/07 12:0 a.m. · 2 views

Python security vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in python that stems from Python's lack of support for Unix permissions on Windows...

7.1 CVSS · 7.3 AI score · 0.003 EPSS
Exploits 0 · References 17

Positive Technologies
added 2024/05/07 12:0 a.m. · 7 views

PT-2024-7267 · Python +1 · Python +1

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.13 Description: The issue is related to the tempfile.mkdtemp function in Python, which on Windows, may not always set the correct permissions for the temporary directory, allowing other users to read and write to it...

9.8 CVSS · 6.5 AI score · 0.77901 EPSS
Exploits 30 · References 88

Prion
added 2024/01/09 9:15 a.m. · 12 views

Command injection

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

1.7 CVSS · 6.8 AI score · 0.00293 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2024/01/09 9:15 a.m. · 23 views

PYSEC-2024-2

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

5.5 CVSS · 5.5 AI score · 0.00293 EPSS
Exploits 1 · References 4