10 matches found
SUSE SLED15 / SLES15 Security Update : python313-wheel (SUSE-SU-2026:0425-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0425-1 advisory. - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100. Tenable h...
Security update for python-wheel (important)
openSUSE security update: security update for python-wheel ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20147-1 Rating: important References: bsc1257100 Cross-References: CVE-2026-24049 CVSS scores: CVE-2026-24049 SUSE : 7.7...
GHSA-V253-RJ99-JWPQ pnpm has Path Traversal via arbitrary file permission modification
Summary When pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory, causing pnpm to chmod 755 files at arbitrary...
CBL Mariner 2.0 Security Update: cups (CVE-2024-35235)
The version of cups installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35235 advisory. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versio...
Samsung Magician for MacOS Privilege Escalation (CVE-2024-31952)
Samsung Magician versions 8.1.0 are vulnerable to a privilege escalation vulnerability due to issues with symbolic linking in the files used during the installation process allowing an attacker to escalate privileges through arbitrary file permission writes. Note that Nessus has not tested for th...
CVE-2024-31952
An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. The attacker must already have user privileges, and an administrator password must be entered during the...
CVE-2024-31952
CVE-2024-31952 affects Samsung Magician 8.0.0 on macOS. The root cause is improper handling of symlinks during installation, allowing a local attacker with user privileges to escalate to higher privileges via arbitrary file permission writes. The attacker must be able to run the installer and ent...
FreeBSD 4.x,NetBSD 1.4.x/1.5.x/1.6,OpenBSD 3 pppd Arbitrary File Permission Modification Race Condition
No description provided by source. source: http://www.securityfocus.com/bid/5355/info A vulnerability has been reported in some versions of the pppd daemon included with multiple BSD distributions. A race condition error in the code may result in the pppd process changing the file permissions on ...
CVE-2007-0117
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials BOM files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil...
CVE-2007-0117
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials BOM files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil...