JLSEC-2026-111 Deno's --deny-write check does not prevent permission bypass

Summary Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtime times on the file stream resource even when the file is opened with read only permission...

CVE-2025-61785

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...

CVE-2025-61785 Deno's --deny-write check does not prevent permission bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...

CVE-2025-61785

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...

CVE-2025-61785 Deno's --deny-write check does not prevent permission bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...

CVE-2025-61785

Summary : CVE-2025-61785 affects Deno versions prior to 2.5.3 and 2.2.15, where Deno.FsFile.prototype.utime and utimeSync are not properly restricted by --deny-write=./. This allows changing atime/mtime on a read-only opened file even when write is disallowed, bypassing the permission model. The ...

CVE-2025-61785 Deno's --deny-write check does not prevent permission bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtim...

PT-2025-41208

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.5.3 Deno versions prior to 2.2.15 Description Deno is a JavaScript, TypeScript, and WebAssembly runtime. The Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync functions are not limited by the...

GHSA-VG2R-RMGP-CGQJ Deno's --deny-write check does not prevent permission bypass

Summary Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtime times on the file stream resource even when the file is opened with read only permission...

Deno's --deny-write check does not prevent permission bypass

Summary Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change to change the access atime and modification mtime times on the file stream resource even when the file is opened with read only permission...

CVE-2024-47740

In the Linux kernel, the following vulnerability has been resolved: f2fs: Require FMODEWRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inodeownerorcapable, but this does not give LSMs like SELinux or Landlock an opportunity to deny the write acces...

PT-2024-25803 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.43 Description: The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may...

Microsoft Windows: Write access to devices configured in another organization

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmdenycrossorgwrite.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization Authors:...

Microsoft Windows: Deny write access to removable drives not protected by BitLocker

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmdenywriteaccess.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Deny write access to removable drives not protected by BitLocker Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

Microsoft Windows: Removable Disks: Deny write access

This test checks the setting for policy OpenVAS Vulnerability Test $Id: windisksdenywriteaccess.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Removable Disks: Deny write access Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...

Microsoft Windows: WPD Devices: Deny write access

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winwpddenywriteaccess.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for WPD Devices: Deny write access Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program ...

condor: incorrect handling of wild cards in authorization lists

Condor before 7.0.4 does not properly handle wildcards in the ALLOWWRITE, DENYWRITE, HOSTALLOWWRITE, or HOSTDENYWRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions...

PT-2008-4827 · Htcondor · Condor

Name of the Vulnerable Software and Affected Versions: Condor versions prior to 7.0.4 Description: The issue is related to the improper handling of wildcards in certain configuration variables, specifically ALLOW WRITE, DENY WRITE, HOSTALLOW WRITE, and HOSTDENY WRITE, within authorization policy...