44 matches found
CVE-2026-4137
A flaw was found in mlflow/mlflow. Insecure permissions on temporary directories allow local attackers to tamper with model artifacts, such as cloudpickle-serialized Python objects. This manipulation can lead to arbitrary code execution when the tampered artifacts are deserialized. This...
CVE-2026-44468
The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary...
EUVD-2026-31798
The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary...
PT-2026-43196
Name of the Vulnerable Software and Affected Versions CODESYS Development System affected versions not specified Description The software creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary fil...
CLSA-2026-1776347560 glib2: Fix of 2 CVEs
CVE-2019-12450: fix insecure file permissions during copy operations - CVE-2019-13012: fix insecure directory and file permissions in keyfile settings backend...
CVE-2026-33430 Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...
CVE-2019-12177
Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking...
CVE-2019-12777
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They replace secure and protected directory permissions set as default by the underlying operating system with highly insecure read, write, and execute directory...
EUVD-2019-3826
Malware in sbrugna...
EUVD-2021-25636
Malware in sbrugna...
EUVD-2025-23060
Malicious code in bioql PyPI...
CVE-2025-25011
CVE-2025-25011 affects Elastic Beats (notably Filebeat) installed via Windows, where the Windows install script can trigger an Uncontrolled Search Path Element leading to Local Privilege Escalation through insecure directory permissions. Affected versions include Beats prior to 9.1.0 (with mainte...
CVE-2025-0712 APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer
An uncontrolled search path element vulnerability can lead to local privilege Escalation LPE via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files,...
Beats (Windows Installer) 8.18.6, 8.19.3, 9.0.6, & 9.1.0 Security Update (ESA-2025-12)
Beats Uncontrolled Search Path Element can lead to Local Privilege Escalation LPE when using the Windows Installer ESA-2025-12 An uncontrolled search path element vulnerability can lead to local privilege Escalation LPE via Insecure Directory Permissions. The vulnerability arises from improper...
PT-2025-31359 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: An uncontrolled search path element vulnerability can lead to local privilege escalation LPE via insecure directory permissions. The vulnerability arises from improper handling of directory...
Insecure Directory Permissions
Concrete CMS is vulnerable to Insecure Directory Permissions. The vulnerability is due to incorrect permissions set during the creation of directories. An attacker can accesses unauthorized files or directories as a result of this flaw...
CVE-2022-43701 Insecure directory permissions on installer files
When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code...
RoboDK 安全漏洞
RoboDK is a robot driver from RoboDK. A security vulnerability exists in RoboDK version v5.5.3 and prior versions that stems from an insecure assignment of critical directory permissions. An attacker exploiting this vulnerability could elevate privileges, which could write files to the RoboDK...
CVE-2021-39274
In XeroSecurity Sn1per 9.0 free version, insecure directory permissions 0777 are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution with root privileges...
CVE-2021-39274
In XeroSecurity Sn1per 9.0 free version, insecure directory permissions 0777 are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution with root privileges...