Design/Logic Flaw
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the system temporary directory with world readable permissions. Any sensitive information written to these files is visible to all other loc...
CVE-2021-22572 Data-transfer-project information disclosure via tmp directory
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the system temporary directory with world readable permissions. Any sensitive information written to these files is visible to all other loc...
CVE-2021-22572
CVE-2021-22572 concerns a data disclosure in Unix-like environments where the system temporary directory is shared among users. The root cause is that File.createTempFile creates files in the system tmp directory with world-readable permissions, allowing any local user to view sensitive data writ...
netty: Information disclosure via the local system temporary directory
In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporarily storing uploads on the disk is enabled. On unix-like systems, the...
OpenBSD Integer Sign Error Vulnerability
OpenBSD is a cross-platform, BSD-based UNIX-like operating system from the Canadian OpenBSD project team. OpenBSD suffers from an integer sign error vulnerability that stems from a heap-based buffer overflow caused by the presence of an integer sign error in an application; no detailed...
The vulnerability of the File Manager web interface for system administration on UNIX-like operating systems, such as Webmin, allows a perpetrator to escalate their privileges or execute arbitrary code.
The vulnerability of the File Manager web interface for system administration in UNIX-like operating systems, such as Webmin, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows an attacker to increase their privileges or execute arbitrary code by...
The vulnerability in the implementation of the cron/save_allow.cgi script of the Scheduled Cron Jobs web interface for system administration on UNIX-like operating systems like Webmin allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the cron/save_allow.cgi implementation in the Scheduled Cron Jobs web interface for system administration on UNIX-like operating systems, such as Webmin, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker to gain...
Netatalk Security Vulnerability
Netatalk is open source software that provides AFP file server functionality for Classic Mac OS and macOS on Unix-like OS. A security vulnerability exists in Netatalk that stems from a failure to properly validate the length of user-supplied data before copying it to a fixed-length stack-based...
Mozilla: Temporary files downloaded to /tmp and accessible by other local users
The Mozilla Foundation Security Advisory describes this flaw as: Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior...
Vim Buffer Error Vulnerability
Vim is an editor based on the UNIX platform. There is a security vulnerability in Vim and no details of the vulnerability are currently available...
webmin Elevation of Privilege Vulnerability (CNVD-2022-17023)
Webmin is the Webmin community's set of Web-based system management tools for Unix-like operating systems. Webmin versions prior to 1.990 have an elevation of privilege vulnerability that stems from a faulty program to high-level local procedure calls. An attacker could exploit this vulnerability...
Apache Gobblin Information Disclosure Vulnerability
Apache Gobblin is a distributed data integration framework from the U.S. Apache Foundation. It is used to simplify common aspects of big data integration. A security vulnerability exists in Apache Gobblin, which stems from a Hadoop token being written to a temporary file that is visible to...
GHSA-P435-W4XM-JJ8X Hadoop token in temp file visible to all users in Apache Gobblin
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue...
Hadoop token in temp file visible to all users in Apache Gobblin
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue...
CVE-2021-36151
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue...
Design/Logic Flaw
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue...
CVE-2021-36151 Local Credentials Disclosure Vulnerability
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
pwnKit About: Title: pwnKit Description: Privilege esc...
ROS-20220128-01
The vulnerability in the Polkit library for UNIX-like operating systems is related to improper handling of the number of call parameters in the pkexec setuid binary, which causes the binary to execute environment variables as commands. Exploitation of the vulnerability could allow an attacker to...