CVE-2024-35235 Cupsd Listen arbitrary chmod 0140777
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...
CVE-2024-35235
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...
UBUNTU-CVE-2024-35235
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...
OpenPrinting CUPS Security Vulnerability
OpenPrinting CUPS is a standards-based, open source printing system for Linux® and other Unix®-like operating systems from OpenPrinting, Inc. A security vulnerability exists in OpenPrinting CUPS versions 2.4.8 and earlier, which originates when the cupsd server is started with a Listen...
RHEL 6 / 7 : rh-mariadb101-mariadb and rh-mariadb101-galera (RHSA-2018:0574)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0574 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The...
Apache Doris Security Bypass Vulnerability
Apache Doris is a modern MPP analytic database product of the U.S. Apache Foundation. It can provide sub-second queries and efficient real-time data analysis. Apache Doris has a security bypass vulnerability that stems from the use of the chmod function, which can be exploited by an attacker ...
CVE-2024-26307
Possible race condition vulnerability in Apache Doris. Some of the code uses the chmod method. This method runs the risk of someone renaming the file out from under the user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before...
CVE-2024-26307 Apache Doris: Possible race condition
Possible race condition vulnerability in Apache Doris. Some of the code uses the chmod method. This method runs the risk of someone renaming the file out from under the user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before...
PT-2024-2471 · Apache · Apache Doris
Name of the Vulnerable Software and Affected Versions: Apache Doris versions prior to 1.2.8; Apache Doris versions prior to 2.0.4. Description: The issue is related to a possible race condition vulnerability in Apache Doris, where some code uses the chmod method. This method poses a risk of someone...
Moderate: Red Hat Security Advisory: rpm security update
An update for rpm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Moderate: Red Hat Security Advisory: rpm security update
An update for rpm is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: rpm security update
The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fixes: rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937); rpm: races with chown/chmod/capabilities calls...
BIT-2020-7221
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product,...
GHSA-CGF8-H3FP-H956 Pleaser privilege escalation vulnerability
please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited. Here is how to see it in action: $ cd "$(mktemp -d)" $ git clone --depth 1 https://gitlab.com/edneville/please.git $ cd...
PT-2023-7952 · D Link · D-Link G416
Name of the Vulnerable Software and Affected Versions: D-Link G416 (affected versions not specified). Description: The issue is related to the awsfile chmod function in the D-Link G416 router's firmware, which does not properly neutralize special elements used in an operating system command. This...
Planet's secret file is created with excessive permissions
Impact: The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but its permissions allowed the user's group and non-group to read the file as well. Validation: Check the permissions on the secret file with ls -l ~/.planet.json and ensure th...
pesign security update
115-6.0.1 - Update Oracle Linux test certificates (Orabug: 31928433); 115-6 - Fix chmod invocation - Resolves: CVE-2022-3560; 115-5 - Deprecate pesign-authorize and drop ACL use - Resolves: CVE-2022-3560...
K15677: Linux kernel vulnerability CVE-2014-4014
Security Advisory Description: The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the...