CVE-2019-3881

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

CVE-2018-17076

GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file...

CVE-2018-1000637

zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fix...

CVE-2018-7689

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions...

CVE-2017-7557

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...

CVE-2012-3457

PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for processperfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file...

sudo.info.txt

Date: Tue, 8 Jun 1999 21:23:55 +0200 From: Bencsath Boldizsar To: [email protected] Subject: unneeded information in sudo Sudo debian , v1.5.6p2-2 tells anyone if a file exists or not. It's not a very big problem, but when i set a directory not accessible to anyone but root, I want to make sur...