576 matches found
Local Information Disclosure Vulnerability
Impact Local information disclosure of sensitive information downloaded via the API using the API Client. Finding The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...
GHSA-2CXF-6567-7PP6 Local Information Disclosure Vulnerability
Impact Local information disclosure of sensitive information downloaded via the API using the API Client. Finding The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...
CVE-2021-21331
The CVE affects the Java Datadog API client prior to version 1.0.0-beta.9. The issue is a local information disclosure caused by a temporary file created with insecure permissions (-rw-r--r--) in the prepareDownloadFilecreates pathway, with downloaded content via downloadFileFromResponse exposed ...
CVE-2021-21331 DataDog API Client contains a Local Information Disclosure Vulnerability
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...
Denial of Service Vulnerability in SerenityOS
SerenityOS is a graphical Unix-like operating system for x86 computers. A denial of service vulnerability exists in SerenityOS. An attacker could exploit this vulnerability to cause a denial of service attack...
Local Information Disclosure Vulnerability in Netty on Unix-Like systems
Impact When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. The CVSSv3.1 score of this vulnerability is calculated to be a 6.2/10 Vulnerability Details On unix-like systems, th...
GHSA-5MCR-GQ6C-3HQ2 Local Information Disclosure Vulnerability in Netty on Unix-Like systems
Impact When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. The CVSSv3.1 score of this vulnerability is calculated to be a 6.2/10 Vulnerability Details On unix-like systems, th...
CVE-2021-21290
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...
CVE-2021-21290
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...
DEBIAN-CVE-2021-21290
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...
UBUNTU-CVE-2021-21290
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...
Design/Logic Flaw
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...
CVE-2021-21290
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...
CVE-2021-21290 Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...
CVE-2021-21290
CVE-2021-21290 relates to Netty before 4.1.59.Final, where an insecure temp file in Unix-like systems could lead to local information disclosure when uploads are stored on disk via multipart decoders. The Unix temp dir is shared among users, and files created with File.createTempFile may have ins...
CVE-2021-21290
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...
CVE-2021-23331
This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...
Sudo Buffer Overflow Vulnerability
Sudo is a program used on Unix-like systems that allows the user to execute commands in a secure way with special privileges. Sudo suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to gain root privileges on the system...
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
Update Feb 3, 2021: It has been reported that macOS, AIX, and Solaris are also vulnerable to CVE-2021-3156, and that others may also still be vulnerable. Qualys has not independently verified the exploit. Original Post: The Qualys Research Team has discovered a heap overflow vulnerability in sudo...
Sudo 缓冲区错误漏洞
Sudo is a program used on Unix-like systems that allows the user to execute commands in a secure way with special privileges. Sudo suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to gain root privileges on the system...