17 matches found
Adobe Creative Cloud < 6.8.0.821 Application denial-of-service (APSB25-120) (macOS)
The version of Adobe Creative Cloud installed on the remote macOS host is prior to 6.8.0.821. It is, therefore, affected by a vulnerability as referenced in the APSB25-120 advisory. - Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) potentially leading to Application...
Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Description: GHSA-5mcr-gq6c-3hq2 (CVE-2021-21290) contains an insufficient fix for the vulnerability identified. Impact: When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This...
CWE-379 in fabric-sdk-rest version All released versions (project is now archived)
In Hyperledger fabric-sdk-rest version All released versions (project is now archived) a CWE-379 exists in the packages/fabric-rest/fabric-rest-server script that can be attacked via Local resulting in File overwrite from a privileged user...
GSD-2021-1000003 CWE-379 in fabric-sdk-rest version All released versions (project is now archived)
In Hyperledger fabric-sdk-rest version All released versions (project is now archived) a CWE-379 exists in the packages/fabric-rest/fabric-rest-server script that can be attacked via Local resulting in File overwrite from a privileged user...
temporary file creation (CWE-379) in fabric-samples version Prior to commit 6bccc138887b3dbd9dc920bad200068b11066ef7
In Hyperledger fabric-samples version Prior to commit 6bccc138887b3dbd9dc920bad200068b11066ef7 a temporary file creation (CWE-379) exists in the digibank.sh and magnetocorp.sh that can be attacked via Local resulting in Information disclosure of all environmental variables...
GSD-2021-1000010 temporary file creation (CWE-379) in fabric-samples version Prior to commit 6bccc138887b3dbd9dc920bad200068b11066ef7
In Hyperledger fabric-samples version Prior to commit 6bccc138887b3dbd9dc920bad200068b11066ef7 a temporary file creation (CWE-379) exists in the digibank.sh and magnetocorp.sh that can be attacked via Local resulting in Information disclosure of all environmental variables...
Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19
Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code...
GHSA-2CXF-6567-7PP6 Local Information Disclosure Vulnerability
Impact: Local information disclosure of sensitive information downloaded via the API using the API Client. Finding: The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...
Local Information Disclosure Vulnerability
Impact: Local information disclosure of sensitive information downloaded via the API using the API Client. Finding: The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...
CVE-2019-1010101
Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379...
CVE-2019-1010101
Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379...
Privilege escalation
Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379...
CVE-2019-1010101
Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379...
CVE-2019-1010101
CVE-2019-1010101 affects Akeo Consulting Rufus 3.0 and earlier. The vulnerability is described as Insecure Permissions that enable arbitrary code execution with elevation of privilege. Affected component is the Executable installer and portable executable (ALL executables). Attack vectors are CWE...
ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation
Overview: On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint by causing the SecureConnector agent to execute arbitrary code. Description: On Windows endpoints, the...
SQLite Tempdir Selection Vulnerability
Vulnerability Details: Affected Vendor: SQLite/Hwaci; Affected Product: SQLite; Affected Version: All versions prior to 3.13.0; Platform: UNIX, GNU/Linux; CWE Classification: CWE-379: Creation of Temporary File in Directory with Incorrect Permissions; Impact: Data Leakage; Attack vector: Local 2...
G-Data DLL Hijacking
Hi @ll, the executable installers of G-Data's "security" products for Windows, available from , allow escalation of privilege! The downloadable executables are self-extractors containing the real executable installer as resource: they create the subdirectory...