23 matches found
EUVD-2009-5012
Malware in sbrugna...
CVE-2025-52992
The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...
Privilege escalation
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This...
Design/Logic Flaw
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site...
CVE-2020-24394
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c in the NFS server can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered...
Foxit Reader 3.1.0.0111 < 3.2 Privilege Escalation (macOS)
The version of Foxit Reader for Mac installed on the remote macOS host is 3.1.0.0111. It is, therefore, affected by a privilege escalation vulnerability due to incorrect permission setting. An attacker could exploit this by modifying the dynamic libraries in the Plugins directory. Note that Nessu...
CVE-2014-4659
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format...
Improper Access Control
Oracle MySQL is vulnerable to improper access control. MySQL init script mishandles initialization of the database data directory and permission setting on the error log file allowing local attackers to escalate their privileges to root or cause a system crash...
CVE-2019-7729
The CVE affects the Bosch Smart Camera App for Android prior to version 1.3.1. It arises from insecure permission settings, enabling a local attacker to retrieve video clips or still images cached for clip sharing. Impact is limited to confidentiality (partial), with no egregious integrity/availa...
CVE-2018-15379 Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure PI has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This...
CVE-2018-15379 Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure PI has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This...
CVE-2017-3265
Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root...
X File Explorer 'FilePanel::onCmdNewFile'函数访问绕过漏洞
Bugtraq ID:65748 CVE ID:CVE-2014-2079 X File Explorer Xfe是X窗口下的文件管理器程序。 当在Samba或NFS共享上通过X File Explorer创建新文件时,用户的MASK会用于权限设置而非由Samba或NFS配置来指定,可导致受限文件被任意用户访问。 0 X File Explorer 厂商补丁: X File Explorer ----- 用户可参考如下厂商提供的安全补丁以修复该漏洞: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739536...
OTRS < 2.4.0-beta2 Restriction Bypass Vulnerability
Open Ticket Request System OTRS is prone to a restriction bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Design/Logic Flaw
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink...
CVE-2009-5056
Open Ticket Request System OTRS before 2.4.0-beta2 does not properly enforce the moveinto permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-ticket...
Open redirect
Open Ticket Request System OTRS before 2.4.0-beta2 does not properly enforce the moveinto permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-ticket...
CVE-2008-4297
Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request...
Debian Security Advisory DSA 903-1 (unzip)
The remote host is missing an update to unzip announced via advisory DSA 903-1. Imran Ghory discovered a race condition in the permissions setting code in unzip. When decompressing a file in a directory an attacker has access to, unzip could be tricked to set the file permissions to a different...
Vulnerability against DoS attack at permission setting
Description: This bug is similar like this one: http://jira.atlassian.com/browse/CONF-8978. Exploit: Insert to the "Grant permission to" field x thousand comma without sapce...