Lucene search
K

44 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.15 views

CVE-2026-4137

A flaw was found in mlflow/mlflow. Insecure permissions on temporary directories allow local attackers to tamper with model artifacts, such as cloudpickle-serialized Python objects. This manipulation can lead to arbitrary code execution when the tampered artifacts are deserialized. This...

7.8CVSS7.4AI score0.00193EPSS
Exploits1References5
NVD
NVD
added 2026/05/26 8:16 a.m.13 views

CVE-2026-44468

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary...

8.5CVSS0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 6:37 a.m.14 views

EUVD-2026-31798

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary...

8.5CVSS5.9AI score0.00123EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.24 views

PT-2026-43196

Name of the Vulnerable Software and Affected Versions CODESYS Development System affected versions not specified Description The software creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary fil...

8.5CVSS5.9AI score0.00123EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 1:52 p.m.9 views

CLSA-2026-1776347560 glib2: Fix of 2 CVEs

CVE-2019-12450: fix insecure file permissions during copy operations - CVE-2019-13012: fix insecure directory and file permissions in keyfile settings backend...

9.8CVSS7.1AI score0.03211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 4:54 p.m.24 views

CVE-2026-33430 Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions

Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...

7.3CVSS0.00132EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.6 views

CVE-2019-12177

Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking...

9.3CVSS7.3AI score0.01396EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:26 a.m.10 views

CVE-2019-12777

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They replace secure and protected directory permissions set as default by the underlying operating system with highly insecure read, write, and execute directory...

7.8CVSS7.1AI score0.00411EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-3826

Malware in sbrugna...

9.3CVSS7.7AI score0.01396EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-25636

Malware in sbrugna...

10CVSS9AI score0.03123EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-23060

Malicious code in bioql PyPI...

7CVSS6.4AI score0.00138EPSS
Exploits0References1
CVE
CVE
added 2025/07/30 12:15 a.m.44 views

CVE-2025-25011

CVE-2025-25011 affects Elastic Beats (notably Filebeat) installed via Windows, where the Windows install script can trigger an Uncontrolled Search Path Element leading to Local Privilege Escalation through insecure directory permissions. Affected versions include Beats prior to 9.1.0 (with mainte...

7CVSS6.5AI score0.00138EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/30 12:12 a.m.13 views

CVE-2025-0712 APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer

An uncontrolled search path element vulnerability can lead to local privilege Escalation LPE via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files,...

7CVSS0.00132EPSS
Exploits0References1
Elastic
Elastic
added 2025/07/29 11:32 p.m.10 views

Beats (Windows Installer) 8.18.6, 8.19.3, 9.0.6, & 9.1.0 Security Update (ESA-2025-12)

Beats Uncontrolled Search Path Element can lead to Local Privilege Escalation LPE when using the Windows Installer ESA-2025-12 An uncontrolled search path element vulnerability can lead to local privilege Escalation LPE via Insecure Directory Permissions. The vulnerability arises from improper...

7CVSS5.7AI score0.00138EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/29 12:0 a.m.10 views

PT-2025-31359 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: An uncontrolled search path element vulnerability can lead to local privilege escalation LPE via insecure directory permissions. The vulnerability arises from improper handling of directory...

7CVSS6.4AI score0.00132EPSS
Exploits0References7
Veracode
Veracode
added 2023/11/17 10:13 a.m.16 views

Insecure Directory Permissions

Concrete CMS is vulnerable to Insecure Directory Permissions. The vulnerability is due to incorrect permissions set during the creation of directories. An attacker can accesses unauthorized files or directories as a result of this flaw...

9.8CVSS7AI score0.01233EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/07/27 9:28 p.m.35 views

CVE-2022-43701 Insecure directory permissions on installer files

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code...

7.8AI score0.00173EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.3 views

RoboDK 安全漏洞

RoboDK is a robot driver from RoboDK. A security vulnerability exists in RoboDK version v5.5.3 and prior versions that stems from an insecure assignment of critical directory permissions. An attacker exploiting this vulnerability could elevate privileges, which could write files to the RoboDK...

7.9CVSS7.6AI score0.00183EPSS
Exploits0References4
NVD
NVD
added 2021/08/19 12:15 p.m.30 views

CVE-2021-39274

In XeroSecurity Sn1per 9.0 free version, insecure directory permissions 0777 are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution with root privileges...

10CVSS0.03123EPSS
Exploits2References3
OSV
OSV
added 2021/08/19 12:15 p.m.28 views

CVE-2021-39274

In XeroSecurity Sn1per 9.0 free version, insecure directory permissions 0777 are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution with root privileges...

9.8CVSS7.5AI score0.03123EPSS
Exploits2References3
Rows per page
Query Builder