29 matches found
EUVD-2004-1925
Malware in sbrugna...
EUVD-1999-1319
Malware in sbrugna...
EUVD-2014-1129
Malware in sbrugna...
EUVD-2022-28223
Malicious code in bioql PyPI...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Audacity vulnerability (USN-7211-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7211-1 advisory. Mike Salvatore discovered that Audacity incorrectly handled default permissions of temporary files created by the application. An attacker...
CVE-2024-29964
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files...
Security feature bypass
The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality...
PT-2022-10609 · Unknown · Ansible-Runner
Name of the Vulnerable Software and Affected Versions: ansible-runner version 2.0.0 Description: A flaw was found in ansible-runner where the default temporary files configuration is written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading...
CVE-2022-34891
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2021-1832
Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic...
Adobe Premiere Elements Elevation of Privilege Vulnerability
Adobe Premiere Elements is a video editing software. An elevation of privilege vulnerability exists in Adobe Premiere Elements 5.2 and earlier versions. The vulnerability originates from the creation of temporary files in a directory with incorrect permissions. An attacker can exploit the...
The vulnerability of the Cisco AnyConnect Secure Mobility Client’s encryption protection removal process allows a perpetrator to execute arbitrary code with SYSTEM privileges.
The vulnerability of the Cisco AnyConnect Secure Mobility Client’s encryption protection removal process for Windows involves the creation of temporary files with insecure permissions. Exploiting this vulnerability allows a hacker to execute arbitrary code with SYSTEM privileges...
The vulnerability of the Cisco AnyConnect Secure Mobility Client’s encryption protection removal process allows a perpetrator to execute arbitrary code with SYSTEM privileges.
The vulnerability of the Cisco AnyConnect Secure Mobility Client’s encryption protection removal process for Windows involves the creation of temporary files with insecure permissions. Exploiting this vulnerability allows a hacker to execute arbitrary code with SYSTEM privileges...
AZL-39352 CVE-2021-24032 affecting package ceph for versions less than 16.2.10-3
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to...
CVE-2021-23331
This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...
CVE-2020-13431
I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory...
PHP 7.3.x < 7.3.15, 7.4.x < 7.4.3 Multiple Vulnerabilities (Feb 2020) - Windows
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
PHP < 7.2.28 Multiple Vulnerabilities (Feb 2020) - Windows
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
USN-3907-1 walinuxagent vulnerability
It was discovered that WALinuxAgent created swap files with incorrect permissions. A local attacker could possibly use this issue to obtain sensitive information from the swap file...
lives -- insecure files permissions
Debian reports: smogrify script creates insecure temporary files. lives creates and uses world-writable directory...