17 matches found
CVE-2024-39302
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...
EUVD-2014-4299
Malware in sbrugna...
EUVD-2020-25031
Malware in sbrugna...
EUVD-2020-26553
Malware in sbrugna...
PSF-2025-5
Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
CVE-2021-28646
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations...
CVE-2020-14156
userchannel/passwdmgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions...
CVE-2025-24791
CVE-2025-24791 affects snowflake-connector-nodejs (Snowflake NodeJS Driver) on Linux. The vulnerability allows bypassing file permissions checks for the temporary credential cache, exploitable by an attacker with write access to the local cache directory. Affected versions are 1.12.0 through 2.0....
File and Directory Permissions Vulnerability in Hitachi Command Suite
Overview A File and Directory Permissions Vulnerability CVE-2020-36695 exists in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
CVE-2022-0486
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is...
CVE-2021-41089
A file permissions vulnerability was found in Moby Docker Engine. Copying files by using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker access to...
Input validation
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest...
CVE-2018-18332
A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations...
froxlor -- database password information leak
[email protected] reports: An unauthenticated remote attacker is able to get the database password via webaccess due to wrong file permissions of the /logs/ folder in froxlor version 0.9.33.1 and earlier. The plain SQL password and username may be stored in the /logs/sql-error.log file...
Ubuntu 12.04 / 14.04 / 14.10 / 15.04 overlayfs Local Root Exploit
The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIGUSERNS=y and where overlayfs has the FSUSERNSMOUNT flag, which allows the mounting of overlayfs insi...
CentOS Update for infiniband-diags CESA-2013:0509 centos6
Check for the Version of infiniband-diags OpenVAS Vulnerability Test CentOS Update for infiniband-diags CESA-2013:0509 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...
Microsoft Internet Explorer 5 - FTP Password Storage
Microsoft Internet Explorer 5 - FTP Password Storage Microsoft Internet Explorer 5.0 for Windows 2000/Windows NT 4 FTP Password Storage Vulnerability source: https://www.securityfocus.com/bid/610/info FTP usernames and passwords for sites accessed via Internet Explorer 5.X are stored cleartext in...