Lucene search
K

576 matches found

Github Security Blog
Github Security Blog
added 2021/03/03 11:1 p.m.63 views

Local Information Disclosure Vulnerability

Impact Local information disclosure of sensitive information downloaded via the API using the API Client. Finding The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...

4.3CVSS0.6AI score0.00563EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/03/03 11:1 p.m.12 views

GHSA-2CXF-6567-7PP6 Local Information Disclosure Vulnerability

Impact Local information disclosure of sensitive information downloaded via the API using the API Client. Finding The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...

3CVSS3.5AI score0.00563EPSS
Exploits0References3
CVE
CVE
added 2021/03/03 11:0 p.m.102 views

CVE-2021-21331

The CVE affects the Java Datadog API client prior to version 1.0.0-beta.9. The issue is a local information disclosure caused by a temporary file created with insecure permissions (-rw-r--r--) in the prepareDownloadFilecreates pathway, with downloaded content via downloadFileFromResponse exposed ...

4.3CVSS3.5AI score0.00563EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/03 11:0 p.m.31 views

CVE-2021-21331 DataDog API Client contains a Local Information Disclosure Vulnerability

The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...

3CVSS4AI score0.00563EPSS
Exploits0References2
CNVD
CNVD
added 2021/02/23 12:0 a.m.3 views

Denial of Service Vulnerability in SerenityOS

SerenityOS is a graphical Unix-like operating system for x86 computers. A denial of service vulnerability exists in SerenityOS. An attacker could exploit this vulnerability to cause a denial of service attack...

6.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/02/08 9:17 p.m.99 views

Local Information Disclosure Vulnerability in Netty on Unix-Like systems

Impact When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. The CVSSv3.1 score of this vulnerability is calculated to be a 6.2/10 Vulnerability Details On unix-like systems, th...

6.2CVSS7.1AI score0.01777EPSS
Exploits1References41Affected Software3
OSV
OSV
added 2021/02/08 9:17 p.m.3 views

GHSA-5MCR-GQ6C-3HQ2 Local Information Disclosure Vulnerability in Netty on Unix-Like systems

Impact When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. The CVSSv3.1 score of this vulnerability is calculated to be a 6.2/10 Vulnerability Details On unix-like systems, th...

6.2CVSS6.7AI score0.01777EPSS
Exploits2References41
NVD
NVD
added 2021/02/08 8:15 p.m.26 views

CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

6.2CVSS0.01777EPSS
Exploits1References39
OSV
OSV
added 2021/02/08 8:15 p.m.34 views

CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

5.5CVSS7.8AI score
Exploits0References39
OSV
OSV
added 2021/02/08 8:15 p.m.2 views

DEBIAN-CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

5.5CVSS6AI score0.01777EPSS
Exploits1References1
OSV
OSV
added 2021/02/08 8:15 p.m.3 views

UBUNTU-CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

6.2CVSS6.6AI score0.01777EPSS
Exploits1References5
Prion
Prion
added 2021/02/08 8:15 p.m.34 views

Design/Logic Flaw

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

1.9CVSS5.8AI score0.01777EPSS
Exploits1References39Affected Software10
UbuntuCve
UbuntuCve
added 2021/02/08 8:15 p.m.36 views

CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

6.2CVSS6.6AI score0.01777EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/02/08 8:10 p.m.33 views

CVE-2021-21290 Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

6.2CVSS6.1AI score0.01777EPSS
Exploits1References39
CVE
CVE
added 2021/02/08 8:10 p.m.524 views

CVE-2021-21290

CVE-2021-21290 relates to Netty before 4.1.59.Final, where an insecure temp file in Unix-like systems could lead to local information disclosure when uploads are stored on disk via multipart decoders. The Unix temp dir is shared among users, and files created with File.createTempFile may have ins...

6.2CVSS6.2AI score0.01777EPSS
Exploits1References39Affected Software1
Debian CVE
Debian CVE
added 2021/02/08 8:10 p.m.32 views

CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

6.2CVSS6AI score0.01777EPSS
Exploits1
OSV
OSV
added 2021/02/03 6:15 p.m.3 views

CVE-2021-23331

This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...

3.3CVSS5.8AI score0.00341EPSS
Exploits0References2
CNVD
CNVD
added 2021/01/27 12:0 a.m.4 views

Sudo Buffer Overflow Vulnerability

Sudo is a program used on Unix-like systems that allows the user to execute commands in a secure way with special privileges. Sudo suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to gain root privileges on the system...

7.8CVSS8.6AI score0.99295EPSS
Exploits81References1
Qualys Blog
Qualys Blog
added 2021/01/26 6:9 p.m.1434 views

CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)

Update Feb 3, 2021: It has been reported that macOS, AIX, and Solaris are also vulnerable to CVE-2021-3156, and that others may also still be vulnerable. Qualys has not independently verified the exploit. Original Post: The Qualys Research Team has discovered a heap overflow vulnerability in sudo...

7.2CVSS0.4AI score0.99295EPSS
Exploits81
CNNVD
CNNVD
added 2021/01/26 12:0 a.m.7 views

Sudo 缓冲区错误漏洞

Sudo is a program used on Unix-like systems that allows the user to execute commands in a secure way with special privileges. Sudo suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to gain root privileges on the system...

7.8CVSS7.4AI score0.99295EPSS
Exploits81References84
Rows per page
Query Builder