Lucene search
+L

52 matches found

Github Security Blog
Github Security Blog
added 2025/10/07 10:36 p.m.11 views

Deno's --deny-write check does not prevent permission bypass

Summary Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtime times on the file stream resource even when the file is opened with read only permission...

3.3CVSS6.8AI score0.00184EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/04 9:22 p.m.15 views

Deno has --allow-read / --allow-write permission bypass in `node:sqlite`

Summary It is possible to bypass Deno's read/write permission checks by using ATTACH DATABASE statement. PoC js // poc.js import DatabaseSync from "node:sqlite" const db = new DatabaseSync":memory:"; db.exec"ATTACH DATABASE 'test.db' as test;"; db.exec"CREATE TABLE test.test id INTEGER PRIMARY KE...

9.1CVSS6.8AI score0.0041EPSS
Exploits1References5Affected Software2
CNVD
CNVD
added 2025/04/11 12:0 a.m.4 views

Huawei HarmonyOS Memory Write Privilege Bypass Vulnerability

Huawei HarmonyOS is a new distributed operating system developed by Huawei for the Internet of Everything era. It aims to provide a unified operating platform for multiple devices, breaking the device limitations of traditional operating systems and creating a cross-device, cross-platform...

7.8CVSS6.7AI score0.00108EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/09 5:6 a.m.26 views

CVE-2025-31172

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.8CVSS7.2AI score0.00108EPSS
Exploits0References1
OSV
OSV
added 2025/04/07 4:15 a.m.7 views

CVE-2025-31172

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/07 12:0 a.m.4 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is a new distributed operating system developed by Huawei for the Internet of Everything era. It aims to provide a unified operating platform for multiple devices, breaking the device limitations of traditional operating systems and creating a cross-device, cross-platform...

7.8CVSS6.6AI score0.00108EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.4 views

PT-2025-15180 · Huawei · Harmonyos

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A memory write permission bypass vulnerability exists in the kernel futex module. Successful exploitation of this issue may affect service confidentiality. Recommendations: At the moment,...

8.8CVSS6.1AI score0.00108EPSS
Exploits0References7
VulnCheck KEV
VulnCheck KEV
added 2024/10/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-9870

A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code...

8.8CVSS7.2AI score0.01996EPSS
Exploits1References1
OSV
OSV
added 2022/05/17 3:29 a.m.9 views

GHSA-6W8C-6JRG-QWJ2 Radicale regex metacharacters injection in the user name

Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by...

5.3CVSS5.3AI score0.02219EPSS
Exploits0References13
OSV
OSV
added 2020/01/08 4:15 p.m.1 views

DEBIAN-CVE-2020-0009

In calcvmmayflags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS7AI score0.00687EPSS
Exploits4References1
RedHat Linux
RedHat Linux
added 2015/05/13 12:44 p.m.6 views

flash-plugin: multiple code execution issues fixed in APSB15-09

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on...

6.4CVSS5.9AI score0.42521EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2015/05/13 12:44 p.m.5 views

flash-plugin: multiple code execution issues fixed in APSB15-09

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on...

6.4CVSS5.9AI score0.04736EPSS
Exploits0References5
Rows per page
Query Builder