Lucene search
+L

58 matches found

vulnrichment
vulnrichment
added 2024/01/09 12:0 a.m.11 views

CVE-2023-50974

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

6.5AI score0.00293EPSS
Exploits1References2
cvelist
cvelist
added 2024/01/09 12:0 a.m.47 views

CVE-2023-50974

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...

5.6AI score0.00293EPSS
Exploits1References2
nessus
nessus
added 2023/09/07 12:0 a.m.17 views

Oracle Linux 7 : samba (ELSA-2019-2099)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2099 advisory. - resolves: 1696524 - Fix CVE-2019-3880 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

5.5CVSS5.7AI score0.03392EPSS
Exploits0References2
osv
osv
added 2023/08/03 2:30 p.m.5 views

USN-6275-1 cargo, rust-cargo vulnerability

Addison Crump discovered that Cargo incorrectly set file permissions on UNIX-like systems when extracting crate archives. If the crate would contain files writable by any user, a local attacker could possibly use this issue to execute code as another user...

7.9CVSS7.1AI score0.00763EPSS
Exploits0References2
f5
f5
added 2023/02/21 6:33 p.m.40 views

K20804356: Samba vulnerabilities CVE-2019-3870 and CVE-2019-3880

Security Advisory Description CVE-2019-3870 A vulnerability was found in Samba from version including 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that...

6.1CVSS4.8AI score0.03392EPSS
Exploits1
susecve
susecve
added 2023/02/15 5:37 a.m.4 views

SUSE CVE-2013-2905

The SharedMemory::Create function in memory/sharedmemoryposix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file...

5CVSS5.9AI score0.0084EPSS
Exploits0References3
osv
osv
added 2022/01/19 11:15 p.m.5 views

UBUNTU-CVE-2022-21704

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

5.5CVSS7AI score0.00302EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2022/01/19 12:0 a.m.5 views

PT-2022-1771 · Unknown · Log4Js-Node

Name of the Vulnerable Software and Affected Versions: log4js-node versions prior to 6.4.0 Description: The issue is related to the default file permissions for log files created by the file, fileSync, and dateFile appenders in log4js-node, which are world-readable in Unix. This could cause...

5.5CVSS5.5AI score0.00302EPSS
Exploits0References21
github
github
added 2021/12/14 9:44 p.m.47 views

Files Accessible to External Parties in Opencast

Opencast before version 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interface. Impact Before Opencast 10.6, Opencast would open and include local files during...

9.9CVSS1.3AI score0.01964EPSS
Exploits1References6Affected Software1
nvd
nvd
added 2021/12/14 8:15 p.m.27 views

CVE-2021-43821

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interfac...

9.9CVSS0.01964EPSS
Exploits1References4
osv
osv
added 2021/12/14 8:15 p.m.30 views

CVE-2021-43821

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interfac...

7.7CVSS6.4AI score
Exploits0References4
prion
prion
added 2021/12/14 8:15 p.m.33 views

Design/Logic Flaw

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interfac...

4CVSS7.3AI score0.01964EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2021/12/14 7:15 p.m.27 views

CVE-2021-43821 Files Accessible to External Parties in Opencast

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interfac...

9.9CVSS9.3AI score0.01964EPSS
Exploits1References4
cve
cve
added 2021/12/14 7:15 p.m.143 views

CVE-2021-43821

Opencast before versions 9.10 and 10.6 is vulnerable to an issue where ingested media packages can reference local file URLs, causing the system to open and include local host files and expose them via the web interface. The root cause is the ability to include local files during ingests, allowin...

9.9CVSS7.5AI score0.01964EPSS
Exploits1References4Affected Software1
osv
osv
added 2021/10/04 9:15 p.m.23 views

CVE-2021-41089

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem,...

6.3CVSS6.5AI score
Exploits0References5
redhatcve
redhatcve
added 2020/01/12 3:42 a.m.31 views

CVE-2019-3880

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Mitigation...

5.5CVSS1.4AI score0.03392EPSS
Exploits0References4
nessus
nessus
added 2019/12/31 12:0 a.m.34 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : samba Vulnerability (NS-SA-2019-0244)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has samba packages installed that are affected by a vulnerability: - A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to crea...

5.5CVSS5.7AI score0.03392EPSS
Exploits0References2
amazon
amazon
added 2019/11/04 12:0 a.m.56 views

Medium: samba

Issue Overview: A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba...

5.5CVSS5.1AI score0.03392EPSS
Exploits0
nessus
nessus
added 2019/10/15 12:0 a.m.29 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : samba Vulnerability (NS-SA-2019-0197)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has samba packages installed that are affected by a vulnerability: - A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to crea...

5.5CVSS5.7AI score0.03392EPSS
Exploits0References2
redhatcve
redhatcve
added 2019/10/11 5:59 p.m.76 views

CVE-2019-10161

It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...

8.8CVSS3.2AI score0.00516EPSS
Exploits0References3
Rows per page
Query Builder